by binarylogic 6438 days ago
My comment about "anything not being used by the NSA" is not silly, it's true. Hell, the NSA developed the SHA functions. I am not one to take security lightly, and salted SHA256 is not taking security lightly. I am not sure what kind of apps you write, but for 99% of the apps in the world, salted SHA256 is plenty secure. If it was as big of a problem as you said, it would be highly discouraged, which it is not. The leading authentication solution in Rails uses SHA1. Regardless, if you are extra paranoid, you can use any type of encryption you want with authgasm. So the argument is moot. Lastly, authgasm is not about promoting SHA256, it's about a style of authentication in Rails. The method of encryption is just an option, which is what the crypto_provider option is all about. If you don't understand the subject which you are discussing, why are you discussing it?

I actually looked into bcrypt and it's great. But it would be silly of me to use a Linux-only encryption solution in a library available to the Ruby public.

2 comments

It really doesn't sound like you've read any of the other comments in this thread.
No, no, no - just because the NSA developed it does not mean it is the right solution for this problem. Read the comment above explaining fast versus slow hashing.
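
The fast-versus-slow hashing distinction the last reply points to, as an added example that is not part of the thread or of authgasm's code: it compares the per-guess cost of one salted SHA-256 pass with an iterated password hash. Assumptions: the module names, the `encrypt`/`matches?` method names, the sample password and the iteration count are hypothetical, and PBKDF2 from Ruby's bundled OpenSSL stands in for bcrypt so the block runs without extra gems.

```ruby
require "openssl"
require "securerandom"

SAMPLE_PASSWORD = "correct horse battery staple" # constructed sample value
PBKDF2_ITERATIONS = 100_000 # assumed work factor; tune for your hardware

# Fast: one salted SHA-256 pass, the scheme defended in the first comment.
module FastSha256
  def self.encrypt(password, salt)
    OpenSSL::Digest::SHA256.hexdigest(salt + password)
  end

  def self.matches?(stored, password, salt)
    OpenSSL.secure_compare(stored, encrypt(password, salt))
  end
end

# Slow: PBKDF2-HMAC-SHA256; the iteration count is stored with the hash so it can be raised later.
module SlowPbkdf2
  def self.encrypt(password, salt, iterations = PBKDF2_ITERATIONS)
    raw = OpenSSL::KDF.pbkdf2_hmac(password, salt: salt, iterations: iterations,
                                   length: 32, hash: "sha256")
    "#{iterations}$#{raw.unpack1('H*')}"
  end

  def self.matches?(stored, password, salt)
    iterations = stored.split("$", 2).first.to_i
    return false unless iterations.positive?
    OpenSSL.secure_compare(stored, encrypt(password, salt, iterations))
  end
end

# Wall-clock seconds to hash `count` candidate passwords with one provider.
def seconds_for(provider, salt, count)
  started = Process.clock_gettime(Process::CLOCK_MONOTONIC)
  count.times { |i| provider.encrypt("guess-#{i}", salt) }
  Process.clock_gettime(Process::CLOCK_MONOTONIC) - started
end

# How many times more expensive each guess is under the slow provider.
def guess_cost_ratio(salt = SecureRandom.hex(16), count = 3)
  slow = seconds_for(SlowPbkdf2, salt, count)
  fast = [seconds_for(FastSha256, salt, count), 1e-9].max
  slow / fast
end

if __FILE__ == $PROGRAM_NAME
  puts format("slow/fast cost per guess: %.0fx", guess_cost_ratio)
end
```

Both providers verify a correct password equally well; the ratio is what changes for someone holding a stolen hash table, since every candidate password costs that many times more to test.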