argon2-simple 0.0.2

Files changed (4)
  1. checksums.yaml +7 -0
  2. data/README.md +92 -0
  3. data/lib/argon2/simple.rb +85 -0
  4. metadata +46 -0
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA1:
3
+ metadata.gz: aa42378563834f98797412c3e4f186260635e601
4
+ data.tar.gz: 30cb086dbc01db9855aeeb01b36c7022b7393330
5
+ SHA512:
6
+ metadata.gz: 4bca1680496f4c9775fc2cbdea611df59fbb304ab7ad9ae7be523891c5fd07d4948b64c9ab0ba1f023fd3ea8c4adf6065de4ae45716948ef8c15a660c717b016
7
+ data.tar.gz: 25544e0be398dbcfa435d7104e5a5c114161103d96bdf074cac974909cb541063dc6c04ee37ad1b08fdc0a5e1944eba57fb6ddc5d452cfa443f769b8110250f1
@@ -0,0 +1,92 @@
1
+ # Argon2::Simple
2
+
3
+ Argon2::Simple provides a wrapper around Argon2. Argon2::Simple simplifies the
4
+ process of creating passwords hashes and checking submitted passwords against
5
+ those hashes.
6
+
7
+ To hash a password, use the `hash` method:
8
+
9
+ ```
10
+ pw_clear = 'my password'
11
+ hashed = Argon2::Simple.hash(pw_clear)
12
+ puts hashed # => $argon2i$v=19$m=65536,t=2,p=1$K4BXPfBeuZSnqxia/abuRQ$0+jibsWcClNY+HHSXxQlsEi/RboEScY8XM5mh4ehFlA
13
+ ```
14
+ To check a submitted password against the hash, use the `check` method:
15
+
16
+ ```
17
+ # check against clear password
18
+ puts Argon2::Simple.check(pw_clear, hashed) # => true
19
+
20
+ # check against incorrect password
21
+ puts Argon2::Simple.check('whatever', hashed) # => false
22
+ ```
23
+
24
+ Because Argon2 is one of the most secure hashing algorithms in the world, it is
25
+ also one of the slowest. To speed things up, Argon2::Simple caches successful
26
+ password checks. This benefits applications which tend to get the same
27
+ successful passwords repeatedely, such as a web site that stores an
28
+ authentication token in a cookie.
29
+
30
+ By default, Argon2::Simple caches the last 100 successful passwords. You can
31
+ change that limit with the `reset` method. So, for example, to set it to 1,000:
32
+
33
+ ```
34
+ Argon2::Simple.reset 1000
35
+ ```
36
+
37
+ To turn off caching, reset with 0:
38
+
39
+ ```
40
+ Argon2::Simple.reset 0
41
+ ```
42
+
43
+ The following test shows the advantage of caching. The test is run first with the
44
+ default caching of 100, then with no caching.
45
+
46
+ ```
47
+ def tester
48
+ pw_clear = 'my password'
49
+ hashed = Argon2::Simple.hash(pw_clear)
50
+
51
+ puts Benchmark.measure {
52
+ 100.times do
53
+ Argon2::Simple.check(pw_clear, hashed)
54
+ end
55
+ }
56
+ end
57
+
58
+ tester() # run with default cache
59
+ Argon2::Simple.reset 0 # turn off caching
60
+ tester() # run without cache
61
+ ```
62
+
63
+ That outputs benchmarks something like this:
64
+
65
+ ```
66
+ 0.210000 0.050000 0.260000 ( 0.277293)
67
+ 22.040000 4.240000 26.280000 ( 26.440273)
68
+ ```
69
+
70
+ So for just 100 checks, the time went from about 1/20 of a second to over 4
71
+ seconds. Obviously, if your application tends to get a lot of incorrect
72
+ passwords then the cache doesn't help. I'm thinking of adding the feature that
73
+ it can also cache unsuccessful authentication attempts. Let me know if that
74
+ would be helpful.
75
+
76
+ ## Install
77
+
78
+ ```
79
+ gem install argon2-simple
80
+ ```
81
+
82
+ ## Author
83
+
84
+ Mike O'Sullivan
85
+ mike@idocs.com
86
+
87
+ ## History
88
+
89
+ | version | date | notes |
90
+ |---------|--------------|-----------------|
91
+ | 0.0.2 | Nov 10, 2018 | Initial upload. |
92
+
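Review bot: The benchmark paragraph (README lines 70-74) does not match the output printed just above it. The sample shows about 0.28 s of real time for 100 cached checks and about 26.4 s uncached; the "1/20 of a second" and "over 4 seconds" figures are the system CPU column (0.05 and 4.24), not the elapsed time. Suggest quoting the real-time column instead. The caching section should also say that the cache holds the submitted clear-text password in process memory, since a reader choosing between `reset 1000` and `reset 0` needs that to judge the trade-off. The benchmark snippet also needs `require 'benchmark'` to run as shown.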
@@ -0,0 +1,85 @@
1
+ require 'argon2'
2
+ require 'lru_redux'
3
+
4
+ #==============================================================================
5
+ # Argon2::Simple
6
+ #
7
+ module Argon2::Simple
8
+ @@cache = nil
9
+
10
+ ##
11
+ # Resets the cache. By default sets the cache limit to 100:
12
+ #
13
+ # Argon2::Simple.reset
14
+ #
15
+ # The optional parameter sets the cache to the given number. So to set it
16
+ # to 1000:
17
+ #
18
+ # Argon2::Simple.reset 1000
19
+ #
20
+ # To have no cache, set the max to 0:
21
+ #
22
+ # Argon2::Simple.reset 0
23
+ def self.reset(max=100)
24
+ if max > 0
25
+ @@cache = LruRedux::Cache.new(max)
26
+ else
27
+ @@cache = nil
28
+ end
29
+ end
30
+
31
+ # reset
32
+ self.reset
33
+
34
+ ##
35
+ # Accepts a clear password and returns its hashed value.
36
+ #
37
+ # hashed = Argon2::Simple.hash(pw_clear)
38
+ def self.hash(pw_clear)
39
+ return Argon2::Password.new.create(pw_clear)
40
+ end
41
+
42
+ ##
43
+ # Accepts a clear password and a hashed value. Returns true if the clear
44
+ # password matches the hash. Does not throw any exceptions if the hash is
45
+ # not a valid Argon2 hash.
46
+ #
47
+ # ok = Argon2::Simple.check(pw_clear, hashed)
48
+ #
49
+ def self.check(pw_clear, pw_hashed)
50
+ # must have both values as strings
51
+ pw_clear.is_a?(String) or return false
52
+ pw_hashed.is_a?(String) or return false
53
+
54
+ # check cache
55
+ if @@cache
56
+ if acceptables = @@cache[pw_hashed]
57
+ if acceptables[pw_clear]
58
+ return true
59
+ end
60
+ end
61
+ end
62
+
63
+ # It wasn't in the cache, so check the hard way.
64
+ # NOTE: Argon2 crashes if the string being checked isn't a valid hash.
65
+ # That seems stupid to me, because if it's not a valid hash then
66
+ # it's not the right password. But whatever. We handle the exception
67
+ # quietly here by just returning false.
68
+ begin
69
+ if Argon2::Password.verify_password(pw_clear, pw_hashed)
70
+ if @@cache
71
+ @@cache[pw_hashed] ||= LruRedux::Cache.new(10)
72
+ @@cache[pw_hashed][pw_clear] = true
73
+ end
74
+ return true
75
+ else
76
+ return false
77
+ end
78
+ rescue
79
+ return false
80
+ end
81
+ end
82
+ end
83
+ #
84
+ # Argon2::Simple
85
+ #==============================================================================
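Review bot: In `check`, the success path at lines 71-72 (`@@cache[pw_hashed][pw_clear] = true`) stores the clear-text password as a key in a module-level cache that lives as long as the process, so every recently accepted password stays in memory in recoverable form and a cache hit is decided by a plain string-keyed lookup instead of by Argon2. Suggest leaving the cache off by default, or at minimum keying the inner entry on a digest of the password rather than the raw string and documenting the remaining exposure. Two smaller points in the same method: the bare `rescue` at line 78 returns false for every StandardError, which hides faults unrelated to a malformed hash, so rescue only the argon2 gem's own error class; and `@@cache` is a plain `LruRedux::Cache` shared by all callers, where `LruRedux::ThreadSafeCache` would be the safer choice under a threaded server.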
metadata ADDED
@@ -0,0 +1,46 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: argon2-simple
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.0.2
5
+ platform: ruby
6
+ authors:
7
+ - Mike O'Sullivan
8
+ autorequire:
9
+ bindir: bin
10
+ cert_chain: []
11
+ date: 2018-11-10 00:00:00.000000000 Z
12
+ dependencies: []
13
+ description: Simplifies the process of hashing a password with Argon2 and checking
14
+ if a submitted password matches a hash.
15
+ email: mike@idocs.com
16
+ executables: []
17
+ extensions: []
18
+ extra_rdoc_files: []
19
+ files:
20
+ - README.md
21
+ - lib/argon2/simple.rb
22
+ homepage: https://rubygems.org/gems/argon2-simple
23
+ licenses:
24
+ - MIT
25
+ metadata: {}
26
+ post_install_message:
27
+ rdoc_options: []
28
+ require_paths:
29
+ - lib
30
+ required_ruby_version: !ruby/object:Gem::Requirement
31
+ requirements:
32
+ - - ">="
33
+ - !ruby/object:Gem::Version
34
+ version: '0'
35
+ required_rubygems_version: !ruby/object:Gem::Requirement
36
+ requirements:
37
+ - - ">="
38
+ - !ruby/object:Gem::Version
39
+ version: '0'
40
+ requirements: []
41
+ rubyforge_project:
42
+ rubygems_version: 2.5.2.1
43
+ signing_key:
44
+ specification_version: 4
45
+ summary: Simple and efficient interface for the Argon2 module
46
+ test_files: []
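Review bot: `dependencies: []` at line 12 declares no runtime dependencies, yet lib/argon2/simple.rb opens with `require 'argon2'` and `require 'lru_redux'`, so the README's `gem install argon2-simple` installs neither and the first `require` raises LoadError on a clean system. Suggest declaring both as runtime dependencies in the gemspec, with version constraints. `cert_chain: []` together with the empty `signing_key` also shows the gem is published unsigned.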