views: 615

answers: 4

Hi All,

I am using require 'digest/sha1' to encrypt my password and save it into the database. During login I authenticate by matching the encrypted password saved in the database against the encrypted form of the one the user enters in the password field. As of now everything works fine, but now I want to do 'Forgot Password' functionality. To do this I need to decrypt the password which is saved in the database to find the original one. How to decrypt using digest/sha1? Or does anyone know any algorithm which supports encryption & decryption as well?

I am using ruby on rails so I need Ruby way to accomplish it.

+1  A: 

don't encrypt a password. instead, store the hash of the password (better with a salt).

to forget a password usually means (re-)authentication via another channel, say, an email notification of password reset.

watch http://railscasts.com/episodes/209-introducing-devise if you need something already pre-built.

edit: if you really need encryption, google "openssl ruby"

there is never a simple solution for secure work. how good your implementation is is determined by the weakest link.

so, my recommendation is, don't count on a short answer on SO ;-)

ohho
I need it because in future I want to save some confidential data, for ex:- credit card number. So I need decryption as well.
Salil
I edited my (not so an) answer with a link to "openssl"
ohho
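The two things this answer recommends, a salted password hash and a reset that re-authenticates through another channel, as an added example in plain Ruby (this is not code from the answer or from Devise). It assumes PBKDF2-HMAC-SHA256 from Ruby's bundled OpenSSL in place of a bare Digest::SHA1, an assumed work factor of 100,000 iterations, and an assumed 15-minute token lifetime; the "database" is just the hash the functions return.

```ruby
# Added example: salted password hashing plus an e-mail-style reset token.
# Only Ruby's standard library is used. The stored password record never
# lets anyone recover the password; a reset proves control of the e-mail
# channel and then sets a brand-new hash.
require 'openssl'
require 'securerandom'

ITERATIONS = 100_000   # assumed work factor; raise it as hardware allows
KEY_LEN    = 32        # bytes of derived hash
RESET_TTL  = 15 * 60   # assumed token lifetime in seconds

# Constant-time string comparison, so a wrong guess takes the same time
# regardless of how many leading characters happen to match.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Stored form is "<hex salt>$<hex pbkdf2>"; a fresh random salt per user
# means two users with the same password get different records.
def hash_password(password, salt = SecureRandom.hex(16))
  digest = OpenSSL::PKCS5.pbkdf2_hmac(password, salt, ITERATIONS, KEY_LEN,
                                      OpenSSL::Digest.new('SHA256'))
  "#{salt}$#{digest.unpack1('H*')}"
end

# Login check: re-derive with the stored salt and compare the hex digests.
def verify_password(password, stored)
  salt, hex = stored.to_s.split('$', 2)
  return false unless salt && hex
  candidate = OpenSSL::PKCS5.pbkdf2_hmac(password, salt, ITERATIONS, KEY_LEN,
                                         OpenSSL::Digest.new('SHA256'))
  secure_compare(candidate.unpack1('H*'), hex)
end

# Forgot-password step 1: issue a random token. The raw token is what goes
# into the e-mail link; the database keeps only its SHA-256 and an expiry,
# so a leaked table does not hand out usable reset links.
def issue_reset_token(now = Time.now)
  token  = SecureRandom.urlsafe_base64(32)
  record = { token_digest: OpenSSL::Digest.new('SHA256').hexdigest(token),
             expires_at:   now + RESET_TTL }
  [token, record]
end

# Forgot-password step 2: the link is only honoured while unexpired and when
# the presented token hashes to the stored digest.
def reset_token_valid?(token, record, now = Time.now)
  return false if now > record[:expires_at]
  presented = OpenSSL::Digest.new('SHA256').hexdigest(token.to_s)
  secure_compare(presented, record[:token_digest])
end

if __FILE__ == $0
  stored = hash_password('correct horse')          # constructed sample password
  puts "stored record: #{stored}"
  puts "login ok?      #{verify_password('correct horse', stored)}"
  token, record = issue_reset_token
  puts "reset link valid? #{reset_token_valid?(token, record)}"
  puts "after a reset the user simply gets a new record: #{hash_password('new pass')[0, 20]}..."
end
```

The reset path never touches the old hash: once the token checks out, the application calls hash_password on the new password and overwrites the record, which is exactly why one-way hashing is no obstacle to a 'Forgot Password' feature.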
+6  A: 

SHA1 is a one way function you can't reverse it.

This may be of interest re password resets: http://www.binarylogic.com/2008/11/16/tutorial-reset-passwords-with-authlogic/

If you want to do encryption/decryption then you should use something like AES. Once you start using encryption/decryption, however, you'll also have to start worrying about key management too.

Regarding your comment to the OP below - if you are going to be storing CC info, I would advise you get a security person in who knows about crypto, key management etc and who also understands the relevant legal and regulatory aspects.

bignum
Ok then I want to know any 2-way algorithm which I should be able to decrypt. Please look at my earlier comment just below the answer given by "Horace Ho".
Salil
+1  A: 

Look at the ezcrypto gem: http://ezcrypto.rubyforge.org/

There's also the crypt gem, look at Blowfish : http://crypt.rubyforge.org

Greg
+1  A: 

As Horace Ho explained, you should never encrypt a password but always store a crypted salt.

However, it's perfectly fine to crypt other kinds of data, such as confidential information. Encryptor is a simple but powerful wrapper for OpenSSL. It provides the ability to encrypt/decrypt attributes in any class.

Simone Carletti
While using it I have a problem when I save the encrypted data into the database.
Salil
Which kind of problem?
Simone Carletti
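Bignum's answer says to use something like AES for data that genuinely must be decrypted and warns that key management then becomes the problem; Simone's answer points at Encryptor, which wraps the same OpenSSL primitives. The following is an added example that is not code from either answer, from Encryptor, or from Rails: it calls Ruby's bundled OpenSSL directly to encrypt and decrypt a field with AES-256-GCM. The key is generated in memory here purely for the demonstration; the comments mark where a real deployment would fetch it from a KMS or environment variable, and the card-shaped plaintext is a constructed sample.

```ruby
# Added example: authenticated encryption of a confidential field with
# AES-256-GCM via Ruby's OpenSSL binding. GCM detects any tampering with the
# stored ciphertext, and binding the record id as associated data stops a
# ciphertext being swapped between two rows.
require 'openssl'
require 'securerandom'
require 'base64'

IV_LEN  = 12   # GCM nonce length used by OpenSSL for aes-256-gcm
TAG_LEN = 16   # GCM authentication tag length

# In production this key comes from a KMS or an environment variable, never
# from the same database that holds the ciphertext. Generating it here is an
# assumption made so the example runs stand-alone.
def generate_key
  SecureRandom.random_bytes(32)
end

# Returns a base64 blob of iv || tag || ciphertext, safe to store in a text
# column. A fresh random nonce per call means equal plaintexts encrypt
# differently.
def encrypt_field(plaintext, key, aad)
  cipher = OpenSSL::Cipher.new('aes-256-gcm')
  cipher.encrypt
  cipher.key = key
  iv = cipher.random_iv
  cipher.auth_data = aad
  ciphertext = cipher.update(plaintext) + cipher.final
  Base64.strict_encode64(iv + cipher.auth_tag + ciphertext)
end

# Returns the plaintext, or nil if the blob is malformed, the key or the
# associated data is wrong, or any byte was altered.
def decrypt_field(blob, key, aad)
  raw = Base64.strict_decode64(blob)
  return nil if raw.bytesize <= IV_LEN + TAG_LEN
  iv         = raw[0, IV_LEN]
  tag        = raw[IV_LEN, TAG_LEN]
  ciphertext = raw[(IV_LEN + TAG_LEN)..-1]
  cipher = OpenSSL::Cipher.new('aes-256-gcm')
  cipher.decrypt
  cipher.key = key
  cipher.iv = iv
  cipher.auth_tag = tag
  cipher.auth_data = aad
  cipher.update(ciphertext) + cipher.final
rescue OpenSSL::Cipher::CipherError, ArgumentError
  nil
end

# Flip one bit in the last byte of a stored blob, to show tampering is caught.
def corrupt_blob(blob)
  raw = Base64.strict_decode64(blob)
  raw.setbyte(raw.bytesize - 1, raw.getbyte(raw.bytesize - 1) ^ 0x01)
  Base64.strict_encode64(raw)
end

if __FILE__ == $0
  key  = generate_key
  blob = encrypt_field('4111-TEST-CARD-0000', key, 'card_record:42')  # constructed sample
  puts "stored:    #{blob}"
  puts "decrypted: #{decrypt_field(blob, key, 'card_record:42').inspect}"
  puts "wrong row: #{decrypt_field(blob, key, 'card_record:43').inspect}"
  puts "tampered:  #{decrypt_field(corrupt_blob(blob), key, 'card_record:42').inspect}"
end
```

The "problem saving into the database" that comes up in the comments is usually the raw binary ciphertext being pushed into a text column; base64-encoding the whole iv/tag/ciphertext bundle, as above, sidesteps that. The harder question bignum raises, who holds the key and how it is rotated, is not solved by any of this code and is the part that needs a specialist when card data is involved.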