Removing SHA1 passwords from RubyGems.org

When the RubyGems.org Rails app was created in 2009, the “standard” way to store passwords was to use the SHA1 hashing algorithm. While there were limited academic attacks against SHA1 published as early as 2005, practical attacks didn’t arrive until the mid-2010s. Today, SHA1 is is widely considered insecure, and there are much better options available.RubyGems.org switched to using BCrypt by default for new accounts in 2013. As part of that switch, users from before 2013 are automatically migrated from SHA1 to BCrypt the next time they log in. In the coming days, RubyGems.org will be removing the remaining SHA1 passwords for any user who has not logged in to their account since 2013.
Removing SHA1 passwords from RubyGems.org #ruby #rails #rubyonrails #bosnia #programming #tutorials #rubydeveloper #railsdeveloper

Nezir Zahirovic

Freelance software developer Ruby On Rails (4 years) / MCPD .Net / C# / Asp.Net / CSS / SQL / (11 years)

related articles