11 Feb '12, 9pm

Related to the @kpnwebcare madness; here’s how you move to a more secure hashing algorithm without troubling users:

In an application we wrote back in 2004 I found MD5 hashed passwords. We decided this was too weak for modern standards so we wanted to switch to bcrypt. During the move we wanted the user to be affected as little as possible.

In order to compute the crypted password we need the cleartext version. We only have a hashed version so the user has to type her password. Luckily they do this every time they authenticate, so that is a nice opportunity to upgrade their password.

First I added a crypted_password column to the accounts table. We now have two columns for storing the password: the old hashed_password and the new crypted_password.

    add_column :accounts, :crypted_password, :string

After that we updated the password accessor methods; assignment and verification.

    class Account
      def password=(password)
        if new_record? or !password.blank?
          self.crypted_password = BCrypt::Passw...

Full article: http://www.fngtps.com/2010/moving-to-a-safer-password-sol...
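
The upgrade-on-login flow described in the excerpt, as an added Ruby example that is not the original article's code. It uses a plain Ruby class instead of the Rails model and standard-library PBKDF2 in place of bcrypt so it runs without gems; the unsalted hex MD5 format, the iteration count and clearing hashed_password after the upgrade are assumptions.

```ruby
require 'digest'
require 'openssl'
require 'securerandom'

# Plain Ruby stand-in for the Rails Account model (assumption: no ActiveRecord).
class Account
  ITERATIONS = 200_000 # assumed work factor for the stand-in KDF

  attr_reader :hashed_password, :crypted_password

  # legacy_md5: hex MD5 digest from the old column (assumed unsalted).
  def initialize(legacy_md5: nil)
    @hashed_password = legacy_md5
    @crypted_password = nil
  end

  # Assignment: always writes the new column, never the old one.
  def password=(password)
    return if password.nil? || password.empty?
    salt = SecureRandom.hex(16)
    @crypted_password = "#{ITERATIONS}$#{salt}$#{kdf(password, salt, ITERATIONS)}"
    @hashed_password = nil # assumption: drop the weak hash once upgraded
  end

  # Verification: prefer the new column; fall back to MD5 and upgrade on success.
  def authenticate(password)
    return false if password.nil? || password.empty?
    if @crypted_password
      iterations, salt, digest = @crypted_password.split('$')
      return same?(kdf(password, salt, iterations.to_i), digest)
    end
    return false unless @hashed_password
    return false unless same?(Digest::MD5.hexdigest(password), @hashed_password)
    self.password = password # cleartext is available only at this moment
    true
  end

  private

  def kdf(password, salt, iterations)
    OpenSSL::KDF.pbkdf2_hmac(password, salt: salt, iterations: iterations,
                             length: 32, hash: 'sha256').unpack1('H*')
  end

  # Constant-time comparison of two equal-length strings.
  def same?(a, b)
    a.bytesize == b.bytesize &&
      a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```

Accounts that never log in again keep their MD5 hash under this scheme, so the old column cannot be dropped until those accounts are reset or expired.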
