by tptacek 5788 days ago
It'd be great if he fixed auto_hash to use bcrypt instead of SHA256; this is, after all, the entirety of my original comment about his code.

Just be aware that once he replaces auto_hash with bcrypt, auto_hash has literally no functionality anymore; bcrypt-ruby already does all of what auto_hash does, better.


I'm on it right now, would have been done last night but having trouble with rails 3.0 and gem paths.

But it's not true it won't have any functionality; it does what it claims to do, which isn't much, but it's something.

Putting

  auto_hash :password, :field2, :field3

in a model will automate the process of "cryptofying" (using a fake word to avoid any more terminology disputes) database fields :password, :field2, :field3 upon save or update.

Then it will give you dynamic accessors like user.password_match?, user.field2_match?

This saves lines of ugly code I don't want to look at, and also frees up the model's before_save hook.

Amendment: I think this will make auto_hash the only auth-related plugin that defaults to, and only offers, bcrypt.

Yeah, bcrypt-ruby already does that, doesn't it?

That's up to you to decide; here's a comparison:

Here is bcrypt-ruby

  class User < ActiveRecord::Base

    include BCrypt

    def password
      @password ||= Password.new(password_hash)
    end

    def password=(new_password)
      @password = Password.create(new_password)
      self.password_hash = @password
    end

  end
Here is auto_hash

  class User < ActiveRecord::Base
    auto_hash :password
  end
Not sure I'd want to introduce a plugin dep to get rid of 7 lines of code (you don't need the "include"), but, OK.