How does devise encrypt passwords
It looks like what you are looking at is Database Encryption. Rather I am looking for Application-level encryption. Reference 35 in the article is about application-level encryption.
A few basic things I'd like to point out: Depending on the data size, you most likely don't want to use RSA keys for encrypting that. RSA keys can encrypt only data of up to a certain size, which is just under the key length. It's not particularly efficient either. I don't think you want to derive RSA keys from the user password.
This is not what RSA was created for and there is no standard solution to do that. An RSA key is just a bunch of large integers, but with certain important characteristics. You can then use static, long-term RSA keys to encrypt the symmetric keys - both master and derived ones. As for the password-based key derivation, I believe this is more about key lifecycle management than anything else.
One solution would be to store the key id for the current and previously derived keys in the metadata of the data it was encrypted with. Assuming the password changes, this will change the current symmetric key id as well as the key itself, but previously derived symmetric keys could be used to decrypt data encrypted in the past. This all assumes keys are effectively rotated on password change, but never expired.
There are a lot of gotchas with encryption schemes and the devil is in the details. That said, some thoughts: If you are going to have per-user password-encrypted data, don't derive the key from the password.
DarcyThomas
Because they would need the username AND password of the other user in order to compute the hash and decrypt the AES key.
And search the mailing list, there was a discussion these days about something similar, and a good link to a related blog post.
Tom Harrison.
Benjamin -- for test only, Devise uses a "stretch" of 1 for bcrypt, otherwise the default is 20, and this makes for a very, very, very strong password, both one that is repeatedly re-encrypted and one that uses a purposely slow algorithm, making cracking take an exceptionally long time.
You might also want to make the minimum password length 8 or more. As others have said, I also encourage you to use the exceptionally good methods employed by Devise for security for defaults, in particular sticking with bcrypt. These guys know their stuff and have done the work that everyone else writing websites should do. Let their expertise in this specific area allow you to focus on securing other aspects of your installation -- strong systems passwords, firewalls, close unneeded ports, make sure other credentials are not in source control, etc.
I formerly worked with a guy who was a so-called security expert who thought that doing magic with encryption would make his systems impenetrable. But he failed to put a password on his database root user and then!
If he had stepped back and used common sense, he would have realized that a huge lock on a weak door is no lock at all.
Right now your information is not enough to resolve your question — Sergey Nudnov
I tried to use the javascript bcrypt but it hashes with a different format — Eduardo
There are 2 possible causes: the plataformatec devise application uses a custom cryptor instead of a default one, or there is a second layer of encryption between the application and the database. Also, you should know the application's security keys and the pepper value (it is the email address by default).
If you have no access to the devise application sources - you won't succeed.
Devise concatenates the password with a secret key (the pepper) and then feeds the result to bcrypt, which hashes it.
In theory, without knowing the pepper, it is infeasible to perform dictionary attacks on password hashes. However, Devise developers failed to take into account a design quirk of bcrypt: it only hashes the first 72 bytes of the password, and ignores everything else after that. This means that if the concatenation of the password and the pepper exceeds 72 bytes, the rest of the bytes are ignored. Since the password comes first, the longer the password, the fewer bytes of the pepper are available for hashing.
If the password is 72 bytes or longer, no peppering is done at all. They can register an account with a byte password, and then keep trying to log in with a byte password by appending a character.
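The truncation described above, next to one common way to avoid it, as an added example that is not from the original page or from Devise. `bcrypt_like` is a stand-in that copies only bcrypt's 72-byte input limit (PBKDF2 does the actual hashing), the HMAC pre-hash is a mitigation assumed here rather than something the page describes, and all values are constructed.

```ruby
require "openssl"

BCRYPT_MAX = 72 # bcrypt hashes only the first 72 bytes of its input

# Stand-in for bcrypt (assumption: the bcrypt gem may not be installed).
# It reproduces only the property under discussion, the 72-byte cut-off,
# and then runs PBKDF2-HMAC-SHA256 over the truncated input.
def bcrypt_like(input, salt)
  OpenSSL::PKCS5.pbkdf2_hmac(input.byteslice(0, BCRYPT_MAX), salt, 1_000, 32,
                             OpenSSL::Digest.new("SHA256")).unpack1("H*")
end

# Scheme described on the page: password first, pepper appended.
def concat_hash(password, pepper, salt)
  bcrypt_like(password + pepper, salt)
end

# How many pepper bytes actually reach the hash under that scheme.
def pepper_bytes_hashed(password, pepper)
  [[BCRYPT_MAX - password.bytesize, 0].max, pepper.bytesize].min
end

# Mitigation (an assumption, not from the page): HMAC the password with the
# pepper as key and hex-encode it (64 bytes, no NUL bytes) before hashing,
# so every pepper byte influences the input whatever the password length.
def hmac_hash(password, pepper, salt)
  mac = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new("SHA256"), pepper, password)
  bcrypt_like(mac, salt)
end

# Constructed sample values.
SALT     = "constructed-salt"
PEPPER_A = "A" * 64
PEPPER_B = "B" * 64
SHORT_PW = "correct horse" # 13 bytes
LONG_PW  = "x" * 72        # fills the whole 72-byte input window

[SHORT_PW, LONG_PW].each do |pw|
  used = pepper_bytes_hashed(pw, PEPPER_A)
  concat = concat_hash(pw, PEPPER_A, SALT) != concat_hash(pw, PEPPER_B, SALT)
  hmac   = hmac_hash(pw, PEPPER_A, SALT) != hmac_hash(pw, PEPPER_B, SALT)
  puts "#{pw.bytesize}-byte password: #{used}/#{PEPPER_A.bytesize} pepper bytes hashed; " \
       "pepper changes hash? concat=#{concat} hmac=#{hmac}"
end
```

With the 72-byte password the concatenated form yields the same hash under both peppers, while the HMAC form still depends on the pepper.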