RAJ wrote on 23.09.2012 00:49:
First, this is not a Rails mailing list.
Second, your article is misleading. It does not discuss the differences
bcrypt or sha256, neither does it explain the value of bcrypt and
Even worse, you don’t seem to understand how bcrypt actually works or
how is it
To explain it shortly, bcrypt is a deliberately slow hashing function
causes a relatively insignificant amount of time to be spent if a
user is trying to log in, but makes brute-force attacks completely
The “relatively insignificant” clause is highly dependent on your CPU
The algorithm is configurable. It is expected that you will trade-off
for speed and select the correct stretch count suitable for your task.
stretch count by one increases the computation time by a factor of 2.
Thus, if you configure the stretch count to 20, you’re doing it 2**10,
times slower than the default value of 10. Pretty obviously it times
doesn’t mean that there is some issue with bcrypt; this only means that
care to read the documentation and used the :stretches option blindly.
devise/bcrypt default works nice.
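
The doubling rule described in the message above, as an added example that is not part of the original post: it extrapolates from one timing at cost 10 and picks the highest cost that fits a login latency budget. The 0.08 s baseline is a constructed sample value, the helper names are hypothetical, and `measure_bcrypt` assumes the bcrypt gem is installed.

```ruby
# Added example: pick a bcrypt cost (Devise's :stretches) from a latency budget.
begin
  require 'bcrypt' # optional; only needed for a real measurement
rescue LoadError
  nil
end

MIN_COST = 4  # lowest cost bcrypt accepts
MAX_COST = 31 # highest cost bcrypt accepts

# Time one real hash at the given cost, in seconds (needs the bcrypt gem).
def measure_bcrypt(cost)
  raise 'bcrypt gem not installed' unless defined?(BCrypt)
  t0 = Process.clock_gettime(Process::CLOCK_MONOTONIC)
  BCrypt::Password.create('constructed-sample-password', cost: cost)
  Process.clock_gettime(Process::CLOCK_MONOTONIC) - t0
end

# Each +1 in cost doubles the work, so time scales by 2**(cost - base_cost).
def predicted_seconds(cost, base_cost, base_seconds)
  base_seconds * (2.0**(cost - base_cost))
end

# Highest cost whose predicted time per hash stays within budget_seconds.
# Pass base_seconds (or a block that times one hash) to skip the real measurement.
def pick_cost(budget_seconds, base_cost: 10, base_seconds: nil, &timer)
  timer ||= method(:measure_bcrypt)
  base_seconds ||= timer.call(base_cost)
  fits = ->(c) { predicted_seconds(c, base_cost, base_seconds) <= budget_seconds }
  cost = base_cost
  cost += 1 while cost < MAX_COST && fits.call(cost + 1)
  cost -= 1 while cost > MIN_COST && !fits.call(cost)
  cost
end

if __FILE__ == $PROGRAM_NAME
  base = 0.08 # constructed sample: seconds per hash at cost 10 on some machine
  [10, 12, 14, 20].each do |c|
    secs = predicted_seconds(c, 10, base)
    puts format('cost %2d: %9.2f s per hash, %8.3f guesses/s per core', c, secs, 1.0 / secs)
  end
  puts "cost for a 250 ms login budget: #{pick_cost(0.25, base_seconds: base)}"
end
```

On a real host, call `pick_cost(0.25)` with no `base_seconds` so the baseline is measured on the CPU that will serve logins.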