In the following code there is a comparison of the password stored in the database with the password entered by the user. Since the salt is created by appending a random number, how come it matches with what is stored in the database?
```ruby
require 'digest'

# Class header is not included in the post; an ActiveRecord model is assumed
# (find_by_name, hashed_password and salt are database-backed attributes).
class User < ActiveRecord::Base
  def self.authenticate(name, password)
    user = self.find_by_name(name)
    if user
      # Re-hash the entered password with the salt stored for THIS user.
      expected_password = encrypted_password(password, user.salt)
      if user.hashed_password != expected_password
        user = nil
      end
    end
    user
  end

  # The post resumes mid-method here: the line that opens the method which
  # sets the password is not shown, only its last two statements are.
    create_new_salt
    self.hashed_password = User.encrypted_password(self.password, self.salt)
  end

  private

  def self.encrypted_password(password, salt)
    string_to_hash = password + "wibble" + salt # 'wibble' makes it harder to guess
    Digest::SHA1.hexdigest(string_to_hash)
  end

  def create_new_salt
    self.salt = self.object_id.to_s + rand.to_s
  end
end
```
TIA.
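The point the question turns on is that `create_new_salt` runs only when the password is set, and the resulting salt is saved in the `salt` column next to `hashed_password`; `authenticate` never generates a new salt, it reads `user.salt` back and hashes with it. The following stand-alone Ruby script (an added illustration, not code from the post or from any book; the in-memory `USERS` hash and `SecureRandom` salt are assumed stand-ins for the database and for `object_id.to_s + rand.to_s`) walks through both halves of that flow:

```ruby
require 'digest'
require 'securerandom'

# Constructed stand-in for the users table: name => { hashed_password:, salt: }.
USERS = {}

# Same scheme as the post: password + fixed string + per-user salt, SHA-1 hex.
def encrypted_password(password, salt)
  Digest::SHA1.hexdigest(password + "wibble" + salt)
end

# Runs once, when the password is set. The salt is generated here and
# persisted together with the hash; this is the step create_new_salt plays.
# (SecureRandom is used instead of object_id + rand; the idea is the same.)
def create_user(name, password)
  salt = SecureRandom.hex(16)
  USERS[name] = { hashed_password: encrypted_password(password, salt), salt: salt }
  salt
end

# Runs at login. No new salt is made: the stored salt is read back and fed into
# the same function, so the correct password reproduces the stored hash exactly.
def authenticate(name, password)
  user = USERS[name]
  return nil unless user
  expected = encrypted_password(password, user[:salt])
  user[:hashed_password] == expected ? name : nil
end

# Why the salt is stored per user: two accounts with the same password still
# get different hashes, so one cracked hash does not reveal the other.
def same_password_distinct_hashes?(name_a, name_b)
  USERS[name_a][:hashed_password] != USERS[name_b][:hashed_password]
end

if __FILE__ == $PROGRAM_NAME
  create_user("alice", "s3cret")
  create_user("bob", "s3cret")
  puts authenticate("alice", "s3cret").inspect   # "alice"
  puts authenticate("alice", "wrong").inspect    # nil
  puts same_password_distinct_hashes?("alice", "bob")  # true
end
```

A single SHA-1 round with a fixed "wibble" string is fast to brute-force; the salt handling shown here is the correct idea, but a deliberately slow password hash such as bcrypt is what current practice pairs it with.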