mrg mrg - 1 year ago 160
Ruby Question

BCrypt::Errors::InvalidHash error in Rails


class LoginController < ApplicationController
def auth
if params[:name].present? && params[:pass].present? && params[:role].present?

epass =
render "argerror"


BCrypt::Errors::InvalidHash (invalid hash):
app/controllers/login_controller.rb:12:in `new'
app/controllers/login_controller.rb:12:in `auth'

Password Encryption Mechanism:

salt = BCrypt::Engine.generate_salt
pass = BCrypt::Engine.hash_secret(pass, salt)

The above code product "BCrypt::Errors::InvalidHash" error. My requirement is to get the username and password from client and validate
it with the data stored in db. In database I stored the hashed password for users which is encrypted by bcrypt. So, now I tried to
encrypt the password which is entered by client. After encrypt the current password, it is matched with hashed password stored in db. But it produce the error. How to solve this problem ?

Answer Source

You need to give the hash you have stored in the database, not the password the user is submitting. Then you compare that with input received from the user.


# Create hash of password
pass =  BCrypt::Password.create('TestPassword')
=> "$2a$10$3.D6D2htbiRrezmZUhePV.gaQlc3ZjFYD9hv43khN5eWP5y8BGUXG"

# Pass the hash you have stored to
db_hash ="$2a$10$3.D6D2htbiRrezmZUhePV.gaQlc3ZjFYD9hv43khN5eWP5y8BGUXG")

# Compare the input from the user to the password stored
db_hash == "TestPassword"
=> true

db_hash == "NotRealPassword"
=> false

You can find some more info here:

Also, if you're using Rails >= 3 I'd look into using ActiveModel::SecurePassword with your User model. Some more info here:

Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download