Class Methods
Using a site key and digest stretching provides a modestly increased defense against a dictionary attack if your database were ever compromised, but will invalidate existing passwords. See the README and the file config/initializers/site_keys.rb.
It may not be obvious, but if you set REST_AUTH_SITE_KEY to nil and REST_AUTH_DIGEST_STRETCHES to 1, you’ll have backwards compatibility with older versions of restful-authentication.
# File lib/authentication/by_password.rb, line 30
def password_digest(password, salt)
  digest = REST_AUTH_SITE_KEY
  REST_AUTH_DIGEST_STRETCHES.times do
    digest = secure_digest(digest, salt, password, REST_AUTH_SITE_KEY)
  end
  digest
end
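The following added example (not part of the library's own code) runs the same loop with the site key and stretch count passed as parameters, to check the compatibility and invalidation claims above and to show what a stretch count of 0 does. The body of `secure_digest` and the legacy digest format are assumptions, since neither appears on this page; `password_digest_with`, `legacy_digest` and `compare_settings` are hypothetical names, and all sample values are constructed.

```ruby
require 'digest/sha1'

# Assumption: stand-in for the library's secure_digest helper, which is not
# shown on this page. Here it is SHA-1 over the arguments joined with '--'.
def secure_digest(*args)
  Digest::SHA1.hexdigest(args.flatten.join('--'))
end

# Same loop as password_digest above, with the site key and stretch count
# passed in so that different settings can be compared side by side.
def password_digest_with(password, salt, site_key, stretches)
  digest = site_key
  stretches.times do
    digest = secure_digest(digest, salt, password, site_key)
  end
  digest
end

# Assumption: older versions stored one SHA-1 pass over "--salt--password--".
def legacy_digest(password, salt)
  Digest::SHA1.hexdigest("--#{salt}--#{password}--")
end

# Constructed sample values, for illustration only.
SALT     = 'constructed-salt-0001'
PASSWORD = 'correct horse battery staple'
SITE_KEY = 'constructed-site-key-for-illustration'

def compare_settings
  legacy  = legacy_digest(PASSWORD, SALT)
  compat  = password_digest_with(PASSWORD, SALT, nil, 1)
  keyed   = password_digest_with(PASSWORD, SALT, SITE_KEY, 10)
  rekeyed = password_digest_with(PASSWORD, SALT, "#{SITE_KEY}-rotated", 10)
  unrun   = password_digest_with(PASSWORD, SALT, SITE_KEY, 0)
  {
    # nil key + 1 stretch reproduces the assumed legacy digest
    backwards_compatible: compat == legacy,
    # turning the site key on changes every stored digest
    site_key_invalidates_legacy: keyed != legacy,
    # so does changing the key later
    rotation_invalidates_stored: rekeyed != keyed,
    # with 0 stretches the loop never runs and the "digest" is the key itself
    zero_stretches_returns_site_key: unrun == SITE_KEY
  }
end

puts compare_settings.inspect if __FILE__ == $PROGRAM_NAME
```

The last check is worth enforcing in configuration review: a stretch count below 1 makes every account's stored digest equal to the site key, regardless of password or salt.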