argon2-simple 0.0.2

Files changed (4)
  1. checksums.yaml +7 -0
  2. data/README.md +92 -0
  3. data/lib/argon2/simple.rb +85 -0
  4. metadata +46 -0
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA1:
3
+ metadata.gz: aa42378563834f98797412c3e4f186260635e601
4
+ data.tar.gz: 30cb086dbc01db9855aeeb01b36c7022b7393330
5
+ SHA512:
6
+ metadata.gz: 4bca1680496f4c9775fc2cbdea611df59fbb304ab7ad9ae7be523891c5fd07d4948b64c9ab0ba1f023fd3ea8c4adf6065de4ae45716948ef8c15a660c717b016
7
+ data.tar.gz: 25544e0be398dbcfa435d7104e5a5c114161103d96bdf074cac974909cb541063dc6c04ee37ad1b08fdc0a5e1944eba57fb6ddc5d452cfa443f769b8110250f1
@@ -0,0 +1,92 @@
1
+ # Argon2::Simple
2
+
3
+ Argon2::Simple provides a wrapper around Argon2. Argon2::Simple simplifies the
4
+ process of creating passwords hashes and checking submitted passwords against
5
+ those hashes.
6
+
7
+ To hash a password, use the `hash` method:
8
+
9
+ ```
10
+ pw_clear = 'my password'
11
+ hashed = Argon2::Simple.hash(pw_clear)
12
+ puts hashed # => $argon2i$v=19$m=65536,t=2,p=1$K4BXPfBeuZSnqxia/abuRQ$0+jibsWcClNY+HHSXxQlsEi/RboEScY8XM5mh4ehFlA
13
+ ```
14
+ To check a submitted password against the hash, use the `check` method:
15
+
16
+ ```
17
+ # check against clear password
18
+ puts Argon2::Simple.check(pw_clear, hashed) # => true
19
+
20
+ # check against incorrect password
21
+ puts Argon2::Simple.check('whatever', hashed) # => false
22
+ ```
23
+
24
+ Because Argon2 is one of the most secure hashing algorithms in the world, it is
25
+ also one of the slowest. To speed things up, Argon2::Simple caches successful
26
+ password checks. This benefits applications which tend to get the same
27
+ successful passwords repeatedely, such as a web site that stores an
28
+ authentication token in a cookie.
29
+
30
+ By default, Argon2::Simple caches the last 100 successful passwords. You can
31
+ change that limit with the `reset` method. So, for example, to set it to 1,000:
32
+
33
+ ```
34
+ Argon2::Simple.reset 1000
35
+ ```
36
+
37
+ To turn off caching, reset with 0:
38
+
39
+ ```
40
+ Argon2::Simple.reset 0
41
+ ```
42
+
43
+ The following test shows the advantage of caching. The test is run first with the
44
+ default caching of 100, then with no caching.
45
+
46
+ ```
47
+ def tester
48
+ pw_clear = 'my password'
49
+ hashed = Argon2::Simple.hash(pw_clear)
50
+
51
+ puts Benchmark.measure {
52
+ 100.times do
53
+ Argon2::Simple.check(pw_clear, hashed)
54
+ end
55
+ }
56
+ end
57
+
58
+ tester() # run with default cache
59
+ Argon2::Simple.reset 0 # turn off caching
60
+ tester() # run without cache
61
+ ```
62
+
63
+ That outputs benchmarks something like this:
64
+
65
+ ```
66
+ 0.210000 0.050000 0.260000 ( 0.277293)
67
+ 22.040000 4.240000 26.280000 ( 26.440273)
68
+ ```
69
+
70
+ So for just 100 checks, the time went from about 1/20 of a second to over 4
71
+ seconds. Obviously, if your application tends to get a lot of incorrect
72
+ passwords then the cache doesn't help. I'm thinking of adding the feature that
73
+ it can also cache unsuccessful authentication attempts. Let me know if that
74
+ would be helpful.
75
+
76
+ ## Install
77
+
78
+ ```
79
+ gem install argon2-simple
80
+ ```
81
+
82
+ ## Author
83
+
84
+ Mike O'Sullivan
85
+ mike@idocs.com
86
+
87
+ ## History
88
+
89
+ | version | date | notes |
90
+ |---------|--------------|-----------------|
91
+ | 0.0.2 | Nov 10, 2018 | Initial upload. |
92
+
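Review bot: The timing summary after the benchmark output does not match the figures quoted just above it. "about 1/20 of a second to over 4 seconds" corresponds only to the system CPU column (0.050000 and 4.240000), while the elapsed times in the same output are about 0.28 s with the cache and 26.4 s without it. Reword the sentence to quote the elapsed column. The caching paragraph should also say that successful cleartext passwords are kept in process memory while cached (lib/argon2/simple.rb stores them with `@@cache[pw_hashed][pw_clear] = true`), and that caching is on by default, so users can decide whether to call `Argon2::Simple.reset 0`.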
@@ -0,0 +1,85 @@
1
+ require 'argon2'
2
+ require 'lru_redux'
3
+
4
+ #==============================================================================
5
+ # Argon2::Simple
6
+ #
7
+ module Argon2::Simple
8
+ @@cache = nil
9
+
10
+ ##
11
+ # Resets the cache. By default sets the cache limit to 100:
12
+ #
13
+ # Argon2::Simple.reset
14
+ #
15
+ # The optional parameter sets the cache to the given number. So to set it
16
+ # to 1000:
17
+ #
18
+ # Argon2::Simple.reset 1000
19
+ #
20
+ # To have no cache, set the max to 0:
21
+ #
22
+ # Argon2::Simple.reset 0
23
+ def self.reset(max=100)
24
+ if max > 0
25
+ @@cache = LruRedux::Cache.new(max)
26
+ else
27
+ @@cache = nil
28
+ end
29
+ end
30
+
31
+ # reset
32
+ self.reset
33
+
34
+ ##
35
+ # Accepts a clear password and returns its hashed value.
36
+ #
37
+ # hashed = Argon2::Simple.hash(pw_clear)
38
+ def self.hash(pw_clear)
39
+ return Argon2::Password.new.create(pw_clear)
40
+ end
41
+
42
+ ##
43
+ # Accepts a clear password and a hashed value. Returns true if the clear
44
+ # password matches the hash. Does not throw any exceptions if the hash is
45
+ # not a valid Argon2 hash.
46
+ #
47
+ # ok = Argon2::Simple.check(pw_clear, hashed)
48
+ #
49
+ def self.check(pw_clear, pw_hashed)
50
+ # must have both values as strings
51
+ pw_clear.is_a?(String) or return false
52
+ pw_hashed.is_a?(String) or return false
53
+
54
+ # check cache
55
+ if @@cache
56
+ if acceptables = @@cache[pw_hashed]
57
+ if acceptables[pw_clear]
58
+ return true
59
+ end
60
+ end
61
+ end
62
+
63
+ # It wasn't in the cache, so check the hard way.
64
+ # NOTE: Argon2 crashes if the string being checked isn't a valid hash.
65
+ # That seems stupid to me, because if it's not a valid hash then
66
+ # it's not the right password. But whatever. We handle the exception
67
+ # quietly here by just returning false.
68
+ begin
69
+ if Argon2::Password.verify_password(pw_clear, pw_hashed)
70
+ if @@cache
71
+ @@cache[pw_hashed] ||= LruRedux::Cache.new(10)
72
+ @@cache[pw_hashed][pw_clear] = true
73
+ end
74
+ return true
75
+ else
76
+ return false
77
+ end
78
+ rescue
79
+ return false
80
+ end
81
+ end
82
+ end
83
+ #
84
+ # Argon2::Simple
85
+ #==============================================================================
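Review bot: In `check`, the cache is keyed on the cleartext password (`@@cache[pw_hashed][pw_clear] = true`), so with the default `reset` call at load time up to 100 hashes with up to 10 cleartext passwords each stay resident in process memory and would appear in a heap or core dump. Consider keying the inner cache on a keyed digest of the password (for example an HMAC under a random per-process key) instead of the password itself, and documenting the trade-off. Two smaller points in the same method: the bare `rescue` returns false for every StandardError, not only for a malformed hash, so an unrelated failure inside `verify_password` is reported as a wrong password; rescuing the specific Argon2 error class would keep real faults visible. The `@@cache` class variable is also shared across threads with no locking, which matters for the web-application use the README describes.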
metadata ADDED
@@ -0,0 +1,46 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: argon2-simple
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.0.2
5
+ platform: ruby
6
+ authors:
7
+ - Mike O'Sullivan
8
+ autorequire:
9
+ bindir: bin
10
+ cert_chain: []
11
+ date: 2018-11-10 00:00:00.000000000 Z
12
+ dependencies: []
13
+ description: Simplifies the process of hashing a password with Argon2 and checking
14
+ if a submitted password matches a hash.
15
+ email: mike@idocs.com
16
+ executables: []
17
+ extensions: []
18
+ extra_rdoc_files: []
19
+ files:
20
+ - README.md
21
+ - lib/argon2/simple.rb
22
+ homepage: https://rubygems.org/gems/argon2-simple
23
+ licenses:
24
+ - MIT
25
+ metadata: {}
26
+ post_install_message:
27
+ rdoc_options: []
28
+ require_paths:
29
+ - lib
30
+ required_ruby_version: !ruby/object:Gem::Requirement
31
+ requirements:
32
+ - - ">="
33
+ - !ruby/object:Gem::Version
34
+ version: '0'
35
+ required_rubygems_version: !ruby/object:Gem::Requirement
36
+ requirements:
37
+ - - ">="
38
+ - !ruby/object:Gem::Version
39
+ version: '0'
40
+ requirements: []
41
+ rubyforge_project:
42
+ rubygems_version: 2.5.2.1
43
+ signing_key:
44
+ specification_version: 4
45
+ summary: Simple and efficient interface for the Argon2 module
46
+ test_files: []
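Review bot: `dependencies: []` declares no runtime dependencies, but lib/argon2/simple.rb starts with `require 'argon2'` and `require 'lru_redux'`, so `gem install argon2-simple` on a clean system would install a gem that fails on load. Add both as runtime dependencies in the gemspec, with version constraints. The requirement `required_ruby_version: ">= 0"` is likewise unconstrained and could be tightened to the versions actually tested.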