I found some code that uses String.crypt to hash passwords (yikes!), so I played around with a way that I could check a password against a BCrypt hash as well as the old String.crypt hashes.
What I found surprised me. The following method seems to work fine for both BCrypt hashes and String.crypt hashes, but I don't know why:
def check_password(password, stored_hash) password.crypt(stored_hash) == stored_hashendTrying it out:
string_crypt_pass = "mysuperpass".crypt("$1$abasasa")bcrypt_pass = BCrypt::Password.create("mysuperpass").to_scheck_password("mysuperpass", string_crypt_pass) #truecheck_password("mywrongpass", string_crypt_pass) #falsecheck_password("mysuperpass", bcrypt_pass) #truecheck_password("mywrongpass", bcrypt_pass) #falseHow does this work?