Fix to very serious and annoying issue of devise - Rails

Hi folks

For the last few days, I was facing an issue where my Rails application was taking too much time to log a user in. I am using Devise. So tonight I just debugged the issue and got to the root of the error. I have fixed it and am sharing the solution with all of you. It may help some of you guys/gals also.

Here is the solution, have a look:

RAJ wrote 23.09.2012 00:49:

http://tech-brains.blogspot.in/2012/09/devise-taking-too-much-time-to-make.html

First, this is not a Rails mailing list.

Second, your article is misleading. It does not discuss the differences between bcrypt and sha256, nor does it explain the value of bcrypt and :stretches. Even worse, you don't seem to understand how bcrypt actually works or how it is configured.

To explain it briefly, bcrypt is a deliberately slow hashing function which causes a relatively insignificant amount of time to be spent if a legitimate user is trying to log in, but makes brute-force attacks completely unfeasible. The "relatively insignificant" clause is highly dependent on your CPU speed.

The algorithm is configurable. It is expected that you will trade off security for speed and select the correct stretch count suitable for your task. Increasing the stretch count by one increases the computation time by a factor of 2.

Thus, if you configure the stretch count to 20, you're doing it 2**10, i.e. 1024 times slower than the default value of 10. Pretty obviously it times out. This doesn't mean that there is some issue with bcrypt; this only means that you didn't care to read the documentation and used the :stretches option blindly. The devise/bcrypt default works nicely.
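The doubling rule from the reply above, as an added example that is not part of the thread or of Devise: it reads the cost out of a stored bcrypt hash, extrapolates login time for other costs, and picks the highest cost that fits a latency budget. The helper names, the sample hash and the 0.07 s fallback timing are assumptions made for illustration; the timing is measured instead when the bcrypt gem is installed.

```ruby
# Added example, not code from the thread. It applies the rule stated above:
# each +1 in bcrypt cost (Devise's :stretches) doubles the hashing time.

# Stored bcrypt hash layout: "$2a$", two-digit cost, "$", 53 salt+digest chars.
BCRYPT_HASH_RE = %r{\A\$2[abxy]?\$(\d{2})\$[./A-Za-z0-9]{53}\z}
BCRYPT_COSTS = 4..31 # cost range bcrypt accepts
SAMPLE_HASH = '$2a$10$' + ('A' * 53) # constructed sample, not a real digest

# Cost factor embedded in a stored hash (what existing users were hashed with).
def bcrypt_cost(hash)
  m = BCRYPT_HASH_RE.match(hash) or raise ArgumentError, 'not a bcrypt hash'
  m[1].to_i
end

# Extrapolate from one timing taken at measured_cost to another cost.
def predicted_seconds(measured_seconds, measured_cost, cost)
  measured_seconds * 2.0**(cost - measured_cost)
end

# Highest cost whose predicted time fits the budget; nil if none does.
def max_cost_within(budget_seconds, measured_seconds, measured_cost)
  BCRYPT_COSTS.select do |c|
    predicted_seconds(measured_seconds, measured_cost, c) <= budget_seconds
  end.max
end

# Time one hash on this machine if the bcrypt gem is present.
def measure(cost)
  require 'bcrypt'
  t0 = Process.clock_gettime(Process::CLOCK_MONOTONIC)
  BCrypt::Password.create('sample password', cost: cost)
  Process.clock_gettime(Process::CLOCK_MONOTONIC) - t0
rescue LoadError
  0.07 # assumed fallback timing (constructed value) when the gem is missing
end

if __FILE__ == $PROGRAM_NAME
  base_cost = bcrypt_cost(SAMPLE_HASH)
  base = measure(base_cost)
  [10, 12, 20].each do |c|
    printf("cost %2d: ~%.2f s per login\n", c, predicted_seconds(base, base_cost, c))
  end
  puts "highest cost within 0.5 s: #{max_cost_within(0.5, base, base_cost).inspect}"
end
```

Because every password check pays the same cost as hashing, the predicted figure is added to each login request at that setting.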
