On Aug 8, 8:28 am, Rick Fiorentino <rfiorent... / charter.net> wrote:
> hash_pw = Digest::MD5.hexdigest(params[:name] + params[:password])
>
> Using the unique login name and password eliminates duplicates if a
> couple users decide to use the same password.

Salt (http://en.wikipedia.org/wiki/Salt_%28cryptography%29) serves the
same purpose.

If you use salt then you have to store it in your db as well (or be
able to derive it from other data in the db entry that will not
change).

If you use the user name as your salt, then if you allow users to
change their user names, you have to re-prompt them for their password
(because you didn't keep it sitting around in memory since they logged
in, did you?).

Also, Pragash, the answers you're finding here may not be what you
were expecting (based on how you phrased your question).  By using a
digest (or cryptographic hash or one-way function -- all the same
thing), you provide no easy means of re-deriving the password from
what was stored in the database.  You asked about an "encrypted
password", which can imply an encryption key that could be used to
perform a decryption to re-generate the password from the data stored
in the database.  You're clearly after high security, so using a
digest+salt is generally the way to go.

Eric

====

Ruby training and Rails training available at http://LearnRuby.com .
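The pattern discussed in this thread, as an added worked example that is not code from either poster: a per-user random salt stored beside the digest (so two users with the same password get different stored values), a verify step that recomputes the digest from the stored salt, and a rename that does not force a password re-prompt because the salt is not derived from the user name. Digest::SHA256 is used here in place of the MD5 in the quoted snippet; the salting pattern is the same. The `PasswordStore` class, its in-memory hash standing in for a users table, and the sample names and passwords are all constructed for this example.

```ruby
require "digest"
require "securerandom"

# Constructed example (not the list post's code): a per-user random salt is
# stored beside the digest instead of using the user name as the salt.
class PasswordStore
  SALT_BYTES = 16

  def initialize
    @records = {} # constructed in-memory stand-in for the users table
  end

  # Create a record. The salt is random, so it must be stored with the
  # digest, but it does not change when the user renames the account.
  def register(name, password)
    salt = SecureRandom.hex(SALT_BYTES)
    @records[name] = { salt: salt, digest: digest_for(salt, password) }
    @records[name][:digest]
  end

  # Recompute the digest from the stored salt and compare in constant time.
  def verify(name, password)
    rec = @records[name] or return false
    constant_time_equal?(rec[:digest], digest_for(rec[:salt], password))
  end

  # Renaming keeps the salt and digest; no password re-prompt is needed.
  def rename(old_name, new_name)
    @records[new_name] = @records.delete(old_name)
  end

  private

  def digest_for(salt, password)
    Digest::SHA256.hexdigest(salt + password)
  end

  # Byte-wise OR of XORs so the comparison time does not depend on where
  # the first mismatch occurs.
  def constant_time_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Contrast case from the thread: salting with the user name itself means a
# name change silently invalidates the stored digest.
def name_salted_digest(name, password)
  Digest::SHA256.hexdigest(name + password)
end

def demo
  store = PasswordStore.new
  d_alice = store.register("alice", "hunter2")
  d_bob   = store.register("bob",   "hunter2") # same password, constructed
  store.rename("alice", "alice_smith")
  {
    distinct:         d_alice != d_bob,
    alice_ok:         store.verify("alice_smith", "hunter2"),
    alice_bad:        store.verify("alice_smith", "wrong"),
    missing:          store.verify("nobody", "x"),
    name_salt_breaks: name_salted_digest("alice", "hunter2") !=
                      name_salted_digest("alice_smith", "hunter2"),
  }
end

puts demo.inspect if __FILE__ == $PROGRAM_NAME
```

The `distinct` result shows why the salt has to be stored per user rather than being a single application-wide value; `name_salt_breaks` is the situation Eric describes, where a user-name salt forces a re-prompt on rename.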