Use SHA512 instead of BCrypt

Gemfile

@@ -24,8 +24,12 @@ gem 'jbuilder', '~> 2.7'
 # Use Active Model has_secure_password
 # gem 'bcrypt', '~> 3.1.7'
 
+# Authentication gem (uses bcrypt by default)
 gem 'devise', '4.7.1'
 
+# Needed to encrypt passwords with something else than bcrypt
+gem 'devise-encryptable', '0.2.0'
+
 # Use Active Storage variant
 # gem 'image_processing', '~> 1.2'
 

Gemfile.lock

@@ -81,6 +81,8 @@ GEM
       railties (>= 4.1.0)
       responders
       warden (~> 1.2.3)
+    devise-encryptable (0.2.0)
+      devise (>= 2.1.0)
     erubi (1.9.0)
     ffi (1.12.2)
     ffi (1.12.2-x64-mingw32)
@@ -214,6 +216,7 @@ DEPENDENCIES
   byebug
   capybara (>= 2.15)
   devise (= 4.7.1)
+  devise-encryptable (= 0.2.0)
   jbuilder (~> 2.7)
   puma (~> 4.1)
   rails (= 6.0.2.1)

config/initializers/devise.rb

@@ -111,7 +111,7 @@ Devise.setup do |config|
   # a value less than 10 in other environments. Note that, for bcrypt (the default
   # algorithm), the cost increases exponentially with the number of stretches (e.g.
   # a value of 20 is already extremely slow: approx. 60 seconds for 1 calculation).
-  config.stretches = Rails.env.test? ? 1 : 11
+  config.stretches = Rails.env.test? ? 1 : 20
 
   # Set up a pepper to generate the hashed password.
   # config.pepper = '70d5aace7d4050ced64a822bb49136b1bb2c7238e652c90161da45bcebe0cc49973f3736ee192240ed46eba84e6731595baef18def2a969397ab76bc120897f8'
@@ -226,7 +226,7 @@ Devise.setup do |config|
   # stretches to 10, and copy REST_AUTH_SITE_KEY to pepper).
   #
   # Require the `devise-encryptable` gem when using anything other than bcrypt
-  # config.encryptor = :sha512
+  config.encryptor = :sha512
 
   # ==> Scopes configuration
   # Turn scoped views on. Before rendering "sessions/new", it will first check for