Fix to very serious and annoying issue of devise - Rails

Hi folks

From last some days, I was facing an issue that my rails application was
taking too much time for making user logged in. I am using devise. So
this night just debugged the issue and got the root of error. I have
fixed it and sharing the solution with all of you. It may help some of
your guys/gals also.

Here is the solution, have a look:

RAJ писал 23.09.2012 00:49:

First, this is not a Rails mailing list.

Second, your article is misleading. It does not discuss the differences
bcrypt or sha256, neither does it explain the value of bcrypt and
Even worse, you don’t seem to understand how bcrypt actually works or
how is it

To explain it shortly, bcrypt is a deliberately slow hashing function
causes a relatively insignificant amount of time to be spent if a
user is trying to log in, but makes brute-force attacks completely
The “relatively insignificant” clause is highly dependent on your CPU

The algorithm is configurable. It is expected that you will trade-off
for speed and select the correct stretch count suitable for your task.
stretch count by one increases the computation time by a factor of 2.

Thus, if you configure the stretch count to 20, you’re doing it 2**10,
i.e. 1024
times slower than the default value of 10. Pretty obviously it times
out. This
doesn’t mean that there is some issue with bcrypt; this only means that
you didn’t
care to read the documentation and used the :stretches option blindly.
devise/bcrypt default works nice.