argon2-simple 0.0.2
- checksums.yaml +7 -0
- data/README.md +92 -0
- data/lib/argon2/simple.rb +85 -0
- metadata +46 -0
checksums.yaml
ADDED
@@ -0,0 +1,7 @@
|
|
1
|
+
---
|
2
|
+
SHA1:
|
3
|
+
metadata.gz: aa42378563834f98797412c3e4f186260635e601
|
4
|
+
data.tar.gz: 30cb086dbc01db9855aeeb01b36c7022b7393330
|
5
|
+
SHA512:
|
6
|
+
metadata.gz: 4bca1680496f4c9775fc2cbdea611df59fbb304ab7ad9ae7be523891c5fd07d4948b64c9ab0ba1f023fd3ea8c4adf6065de4ae45716948ef8c15a660c717b016
|
7
|
+
data.tar.gz: 25544e0be398dbcfa435d7104e5a5c114161103d96bdf074cac974909cb541063dc6c04ee37ad1b08fdc0a5e1944eba57fb6ddc5d452cfa443f769b8110250f1
|
data/README.md
ADDED
@@ -0,0 +1,92 @@
|
|
1
|
+
# Argon2::Simple
|
2
|
+
|
3
|
+
Argon2::Simple provides a wrapper around Argon2. Argon2::Simple simplifies the
|
4
|
+
process of creating passwords hashes and checking submitted passwords against
|
5
|
+
those hashes.
|
6
|
+
|
7
|
+
To hash a password, use the `hash` method:
|
8
|
+
|
9
|
+
```
|
10
|
+
pw_clear = 'my password'
|
11
|
+
hashed = Argon2::Simple.hash(pw_clear)
|
12
|
+
puts hashed # => $argon2i$v=19$m=65536,t=2,p=1$K4BXPfBeuZSnqxia/abuRQ$0+jibsWcClNY+HHSXxQlsEi/RboEScY8XM5mh4ehFlA
|
13
|
+
```
|
14
|
+
To check a submitted password against the hash, use the `check` method:
|
15
|
+
|
16
|
+
```
|
17
|
+
# check against clear password
|
18
|
+
puts Argon2::Simple.check(pw_clear, hashed) # => true
|
19
|
+
|
20
|
+
# check against incorrect password
|
21
|
+
puts Argon2::Simple.check('whatever', hashed) # => false
|
22
|
+
```
|
23
|
+
|
24
|
+
Because Argon2 is one of the most secure hashing algorithms in the world, it is
|
25
|
+
also one of the slowest. To speed things up, Argon2::Simple caches successful
|
26
|
+
password checks. This benefits applications which tend to get the same
|
27
|
+
successful passwords repeatedely, such as a web site that stores an
|
28
|
+
authentication token in a cookie.
|
29
|
+
|
30
|
+
By default, Argon2::Simple caches the last 100 successful passwords. You can
|
31
|
+
change that limit with the `reset` method. So, for example, to set it to 1,000:
|
32
|
+
|
33
|
+
```
|
34
|
+
Argon2::Simple.reset 1000
|
35
|
+
```
|
36
|
+
|
37
|
+
To turn off caching, reset with 0:
|
38
|
+
|
39
|
+
```
|
40
|
+
Argon2::Simple.reset 0
|
41
|
+
```
|
42
|
+
|
43
|
+
The following test shows the advantage of caching. The test is run first with the
|
44
|
+
default caching of 100, then with no caching.
|
45
|
+
|
46
|
+
```
|
47
|
+
def tester
|
48
|
+
pw_clear = 'my password'
|
49
|
+
hashed = Argon2::Simple.hash(pw_clear)
|
50
|
+
|
51
|
+
puts Benchmark.measure {
|
52
|
+
100.times do
|
53
|
+
Argon2::Simple.check(pw_clear, hashed)
|
54
|
+
end
|
55
|
+
}
|
56
|
+
end
|
57
|
+
|
58
|
+
tester() # run with default cache
|
59
|
+
Argon2::Simple.reset 0 # turn off caching
|
60
|
+
tester() # run without cache
|
61
|
+
```
|
62
|
+
|
63
|
+
That outputs benchmarks something like this:
|
64
|
+
|
65
|
+
```
|
66
|
+
0.210000 0.050000 0.260000 ( 0.277293)
|
67
|
+
22.040000 4.240000 26.280000 ( 26.440273)
|
68
|
+
```
|
69
|
+
|
70
|
+
So for just 100 checks, the time went from about 1/20 of a second to over 4
|
71
|
+
seconds. Obviously, if your application tends to get a lot of incorrect
|
72
|
+
passwords then the cache doesn't help. I'm thinking of adding the feature that
|
73
|
+
it can also cache unsuccessful authentication attempts. Let me know if that
|
74
|
+
would be helpful.
|
75
|
+
|
76
|
+
## Install
|
77
|
+
|
78
|
+
```
|
79
|
+
gem install argon2-simple
|
80
|
+
```
|
81
|
+
|
82
|
+
## Author
|
83
|
+
|
84
|
+
Mike O'Sullivan
|
85
|
+
mike@idocs.com
|
86
|
+
|
87
|
+
## History
|
88
|
+
|
89
|
+
| version | date | notes |
|
90
|
+
|---------|--------------|-----------------|
|
91
|
+
| 0.0.2 | Nov 10, 2018 | Initial upload. |
|
92
|
+
|
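Review bot: The caching section (README lines 24 to 41) says successful checks are cached but never says what is kept in memory or for how long. State what the cache stores and that it is on by default with 100 entries, so a user can decide whether to call `Argon2::Simple.reset 0`. Separately, the summary at lines 70 to 71 ("about 1/20 of a second to over 4 seconds") does not match the sample output above it, which shows 0.277293 and 26.440273 seconds of real time. The benchmark snippet also needs `require 'benchmark'` to run, and "repeatedely" at line 27 is a typo.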
@@ -0,0 +1,85 @@
|
|
1
|
+
require 'argon2'
|
2
|
+
require 'lru_redux'
|
3
|
+
|
4
|
+
#==============================================================================
|
5
|
+
# Argon2::Simple
|
6
|
+
#
|
7
|
+
module Argon2::Simple
|
8
|
+
@@cache = nil
|
9
|
+
|
10
|
+
##
|
11
|
+
# Resets the cache. By default sets the cache limit to 100:
|
12
|
+
#
|
13
|
+
# Argon2::Simple.reset
|
14
|
+
#
|
15
|
+
# The optional parameter sets the cache to the given number. So to set it
|
16
|
+
# to 1000:
|
17
|
+
#
|
18
|
+
# Argon2::Simple.reset 1000
|
19
|
+
#
|
20
|
+
# To have no cache, set the max to 0:
|
21
|
+
#
|
22
|
+
# Argon2::Simple.reset 0
|
23
|
+
def self.reset(max=100)
|
24
|
+
if max > 0
|
25
|
+
@@cache = LruRedux::Cache.new(max)
|
26
|
+
else
|
27
|
+
@@cache = nil
|
28
|
+
end
|
29
|
+
end
|
30
|
+
|
31
|
+
# reset
|
32
|
+
self.reset
|
33
|
+
|
34
|
+
##
|
35
|
+
# Accepts a clear password and returns its hashed value.
|
36
|
+
#
|
37
|
+
# hashed = Argon2::Simple.hash(pw_clear)
|
38
|
+
def self.hash(pw_clear)
|
39
|
+
return Argon2::Password.new.create(pw_clear)
|
40
|
+
end
|
41
|
+
|
42
|
+
##
|
43
|
+
# Accepts a clear password and a hashed value. Returns true if the clear
|
44
|
+
# password matches the hash. Does not throw any exceptions if the hash is
|
45
|
+
# not a valid Argon2 hash.
|
46
|
+
#
|
47
|
+
# ok = Argon2::Simple.check(pw_clear, hashed)
|
48
|
+
#
|
49
|
+
def self.check(pw_clear, pw_hashed)
|
50
|
+
# must have both values as strings
|
51
|
+
pw_clear.is_a?(String) or return false
|
52
|
+
pw_hashed.is_a?(String) or return false
|
53
|
+
|
54
|
+
# check cache
|
55
|
+
if @@cache
|
56
|
+
if acceptables = @@cache[pw_hashed]
|
57
|
+
if acceptables[pw_clear]
|
58
|
+
return true
|
59
|
+
end
|
60
|
+
end
|
61
|
+
end
|
62
|
+
|
63
|
+
# It wasn't in the cache, so check the hard way.
|
64
|
+
# NOTE: Argon2 crashes if the string being checked isn't a valid hash.
|
65
|
+
# That seems stupid to me, because if it's not a valid hash then
|
66
|
+
# it's not the right password. But whatever. We handle the exception
|
67
|
+
# quietly here by just returning false.
|
68
|
+
begin
|
69
|
+
if Argon2::Password.verify_password(pw_clear, pw_hashed)
|
70
|
+
if @@cache
|
71
|
+
@@cache[pw_hashed] ||= LruRedux::Cache.new(10)
|
72
|
+
@@cache[pw_hashed][pw_clear] = true
|
73
|
+
end
|
74
|
+
return true
|
75
|
+
else
|
76
|
+
return false
|
77
|
+
end
|
78
|
+
rescue
|
79
|
+
return false
|
80
|
+
end
|
81
|
+
end
|
82
|
+
end
|
83
|
+
#
|
84
|
+
# Argon2::Simple
|
85
|
+
#==============================================================================
|
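Review bot: In `check` (lines 70 to 72) a successful verification stores the cleartext password itself as a cache key (`@@cache[pw_hashed][pw_clear] = true`), so plaintext passwords stay in process memory with no expiry. Key the inner cache on a keyed digest of the password (for example an HMAC under a random per-process key) and give entries a lifetime. The cache is also a plain `LruRedux::Cache` held in a class variable and mutated in `check` without a lock, so concurrent callers in a threaded server can race; lru_redux provides `LruRedux::ThreadSafeCache` for that case. Finally, the bare `rescue` at line 78 turns every StandardError, not only the invalid-hash error described in the comment, into `false`, which hides real failures from the caller; rescue the specific Argon2 error instead.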
metadata
ADDED
@@ -0,0 +1,46 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: argon2-simple
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 0.0.2
|
5
|
+
platform: ruby
|
6
|
+
authors:
|
7
|
+
- Mike O'Sullivan
|
8
|
+
autorequire:
|
9
|
+
bindir: bin
|
10
|
+
cert_chain: []
|
11
|
+
date: 2018-11-10 00:00:00.000000000 Z
|
12
|
+
dependencies: []
|
13
|
+
description: Simplifies the process of hashing a password with Argon2 and checking
|
14
|
+
if a submitted password matches a hash.
|
15
|
+
email: mike@idocs.com
|
16
|
+
executables: []
|
17
|
+
extensions: []
|
18
|
+
extra_rdoc_files: []
|
19
|
+
files:
|
20
|
+
- README.md
|
21
|
+
- lib/argon2/simple.rb
|
22
|
+
homepage: https://rubygems.org/gems/argon2-simple
|
23
|
+
licenses:
|
24
|
+
- MIT
|
25
|
+
metadata: {}
|
26
|
+
post_install_message:
|
27
|
+
rdoc_options: []
|
28
|
+
require_paths:
|
29
|
+
- lib
|
30
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
31
|
+
requirements:
|
32
|
+
- - ">="
|
33
|
+
- !ruby/object:Gem::Version
|
34
|
+
version: '0'
|
35
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
36
|
+
requirements:
|
37
|
+
- - ">="
|
38
|
+
- !ruby/object:Gem::Version
|
39
|
+
version: '0'
|
40
|
+
requirements: []
|
41
|
+
rubyforge_project:
|
42
|
+
rubygems_version: 2.5.2.1
|
43
|
+
signing_key:
|
44
|
+
specification_version: 4
|
45
|
+
summary: Simple and efficient interface for the Argon2 module
|
46
|
+
test_files: []
|
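Review bot: `dependencies: []` at line 12 declares no runtime dependencies, yet lib/argon2/simple.rb begins with `require 'argon2'` and `require 'lru_redux'`, so `gem install argon2-simple` on its own leaves the library unable to load and leaves the versions of both gems unconstrained. Declare both as runtime dependencies with version bounds in the gemspec. The gem is also unsigned (`cert_chain: []`, empty `signing_key`) and accepts any Ruby version (`required_ruby_version` of `>= 0` at lines 30 to 34), which is worth tightening for a password-handling library.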