argon2id 0.9.0-java → 0.10.0-java
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +14 -0
- data/README.md +1 -1
- data/lib/argon2id/password.rb +4 -3
- data/lib/argon2id/version.rb +1 -1
- data/test/argon2id/test_password.rb +67 -0
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: c752158cef0854ab64c00cd3346cc664f71f165cd020d66a7c89e7d1fc94cf95
|
|
4
|
+
data.tar.gz: ba733bbd6d58a4f0d38ce903fcb6394e4b3779d45351d6c4ba9a3b0833ad837d
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 01a4ca3f615bbf4a524892e1ec5ed168d01ba77624901488bf324ca23a2d2fc605d449cc7c5686b0a220d2999ef72b772e3c059802ea2a8dab8f5052a45f89c0
|
|
7
|
+
data.tar.gz: d5f4be4cb26348d7163a92dd1ee1fe9ff5a7064e5d3cc30c3ad0e689550f9325f482aa9afbe4bcbec7c44c6c4216274ea87a9148ff2cf5130e92e7132fd8c136
|
data/CHANGELOG.md
CHANGED
|
@@ -5,6 +5,19 @@ All notable changes to this project will be documented in this file.
|
|
|
5
5
|
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
|
|
6
6
|
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
|
7
7
|
|
|
8
|
+
## [0.10.0] - 2026-04-06
|
|
9
|
+
|
|
10
|
+
### Changed
|
|
11
|
+
|
|
12
|
+
- Hashing and verifying passwords no longer holds the Ruby Global VM Lock
|
|
13
|
+
during the intentionally expensive computation of the Argon2id hash, allowing
|
|
14
|
+
other threads to do work at the same time.
|
|
15
|
+
- Argon2id::Password objects, their encoded password hash, salt, and hash
|
|
16
|
+
output strings are now all frozen to prevent mutation. Inputs are also now
|
|
17
|
+
frozen ASAP during hashing and verification to prevent mutation before
|
|
18
|
+
passing to the internal C/Java implementation of Argon2.
|
|
19
|
+
- The extension is now flagged as safe to use with Ractors.
|
|
20
|
+
|
|
8
21
|
## [0.9.0] - 2025-12-30
|
|
9
22
|
|
|
10
23
|
### Added
|
|
@@ -151,6 +164,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|
|
151
164
|
reference C implementation of Argon2, the password-hashing function that won
|
|
152
165
|
the Password Hashing Competition.
|
|
153
166
|
|
|
167
|
+
[0.10.0]: https://github.com/mudge/argon2id/releases/tag/v0.10.0
|
|
154
168
|
[0.9.0]: https://github.com/mudge/argon2id/releases/tag/v0.9.0
|
|
155
169
|
[0.8.0]: https://github.com/mudge/argon2id/releases/tag/v0.8.0
|
|
156
170
|
[0.8.0.rc1]: https://github.com/mudge/argon2id/releases/tag/v0.8.0.rc1
|
data/README.md
CHANGED
|
@@ -5,7 +5,7 @@ Ruby bindings to [Argon2][], the password-hashing function that won the 2015
|
|
|
5
5
|
|
|
6
6
|
[](https://github.com/mudge/argon2id/actions)
|
|
7
7
|
|
|
8
|
-
**Current version:** 0.
|
|
8
|
+
**Current version:** 0.10.0
|
|
9
9
|
**Bundled Argon2 version:** libargon2.1 (20190702)
|
|
10
10
|
|
|
11
11
|
```ruby
|
data/lib/argon2id/password.rb
CHANGED
|
@@ -115,13 +115,14 @@ module Argon2id
|
|
|
115
115
|
def initialize(encoded)
|
|
116
116
|
raise ArgumentError, "invalid hash" unless PATTERN =~ String(encoded)
|
|
117
117
|
|
|
118
|
-
@encoded =
|
|
118
|
+
@encoded = $&.freeze
|
|
119
119
|
@version = Integer($1 || 0x10)
|
|
120
120
|
@m_cost = Integer($2)
|
|
121
121
|
@t_cost = Integer($3)
|
|
122
122
|
@parallelism = Integer($4)
|
|
123
|
-
@salt = $5.unpack1("m")
|
|
124
|
-
@output = $6.unpack1("m")
|
|
123
|
+
@salt = $5.unpack1("m").freeze
|
|
124
|
+
@output = $6.unpack1("m").freeze
|
|
125
|
+
freeze
|
|
125
126
|
end
|
|
126
127
|
|
|
127
128
|
# Return the encoded password hash.
|
data/lib/argon2id/version.rb
CHANGED
|
@@ -188,6 +188,42 @@ class TestPassword < Minitest::Test
|
|
|
188
188
|
assert password == "password"
|
|
189
189
|
end
|
|
190
190
|
|
|
191
|
+
def test_new_password_is_frozen
|
|
192
|
+
password = Argon2id::Password.new(
|
|
193
|
+
"$argon2id$v=19$m=256,t=2,p=1$c29tZXNhbHQ" \
|
|
194
|
+
"$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4"
|
|
195
|
+
)
|
|
196
|
+
|
|
197
|
+
assert password.frozen?
|
|
198
|
+
end
|
|
199
|
+
|
|
200
|
+
def test_encoded_is_frozen
|
|
201
|
+
password = Argon2id::Password.new(
|
|
202
|
+
"$argon2id$v=19$m=256,t=2,p=1$c29tZXNhbHQ" \
|
|
203
|
+
"$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4"
|
|
204
|
+
)
|
|
205
|
+
|
|
206
|
+
assert password.encoded.frozen?
|
|
207
|
+
end
|
|
208
|
+
|
|
209
|
+
def test_salt_is_frozen
|
|
210
|
+
password = Argon2id::Password.new(
|
|
211
|
+
"$argon2id$v=19$m=256,t=2,p=1$c29tZXNhbHQ" \
|
|
212
|
+
"$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4"
|
|
213
|
+
)
|
|
214
|
+
|
|
215
|
+
assert password.salt.frozen?
|
|
216
|
+
end
|
|
217
|
+
|
|
218
|
+
def test_output_is_frozen
|
|
219
|
+
password = Argon2id::Password.new(
|
|
220
|
+
"$argon2id$v=19$m=256,t=2,p=1$c29tZXNhbHQ" \
|
|
221
|
+
"$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4"
|
|
222
|
+
)
|
|
223
|
+
|
|
224
|
+
assert password.output.frozen?
|
|
225
|
+
end
|
|
226
|
+
|
|
191
227
|
def test_encoded_returns_the_full_encoded_hash
|
|
192
228
|
password = Argon2id::Password.new(
|
|
193
229
|
"$argon2id$v=19$m=256,t=2,p=1$c29tZXNhbHQ" \
|
|
@@ -526,6 +562,12 @@ class TestPassword < Minitest::Test
|
|
|
526
562
|
Argon2id.output_len = Argon2id::DEFAULT_OUTPUT_LEN
|
|
527
563
|
end
|
|
528
564
|
|
|
565
|
+
def test_create_password_is_frozen
|
|
566
|
+
password = Argon2id::Password.create("password")
|
|
567
|
+
|
|
568
|
+
assert password.frozen?
|
|
569
|
+
end
|
|
570
|
+
|
|
529
571
|
def test_create_password_equals_correct_password
|
|
530
572
|
password = Argon2id::Password.create("password")
|
|
531
573
|
|
|
@@ -538,6 +580,31 @@ class TestPassword < Minitest::Test
|
|
|
538
580
|
refute password == "differentpassword"
|
|
539
581
|
end
|
|
540
582
|
|
|
583
|
+
def test_create_is_thread_safe
|
|
584
|
+
threads = 10.times.map do |i|
|
|
585
|
+
Thread.new(i) do |n|
|
|
586
|
+
password = Argon2id::Password.create("password-#{n}", t_cost: 2, m_cost: 256, parallelism: 1)
|
|
587
|
+
assert password == "password-#{n}"
|
|
588
|
+
end
|
|
589
|
+
end
|
|
590
|
+
|
|
591
|
+
threads.each(&:value)
|
|
592
|
+
end
|
|
593
|
+
|
|
594
|
+
def test_verify_is_thread_safe
|
|
595
|
+
hash = Argon2id::Password.create("password", t_cost: 2, m_cost: 256, parallelism: 1).to_s
|
|
596
|
+
|
|
597
|
+
threads = 10.times.map do |i|
|
|
598
|
+
Thread.new do
|
|
599
|
+
password = Argon2id::Password.new(hash)
|
|
600
|
+
assert password == "password"
|
|
601
|
+
refute password == "wrong"
|
|
602
|
+
end
|
|
603
|
+
end
|
|
604
|
+
|
|
605
|
+
threads.each(&:value)
|
|
606
|
+
end
|
|
607
|
+
|
|
541
608
|
def test_hashing_password_verifies_correct_password
|
|
542
609
|
hash = Argon2id::Password.create("password").to_s
|
|
543
610
|
password = Argon2id::Password.new(hash)
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: argon2id
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.10.0
|
|
5
5
|
platform: java
|
|
6
6
|
authors:
|
|
7
7
|
- Paul Mucur
|
|
@@ -95,7 +95,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
95
95
|
- !ruby/object:Gem::Version
|
|
96
96
|
version: '0'
|
|
97
97
|
requirements: []
|
|
98
|
-
rubygems_version: 4.0.
|
|
98
|
+
rubygems_version: 4.0.6
|
|
99
99
|
specification_version: 4
|
|
100
100
|
summary: Ruby bindings to Argon2
|
|
101
101
|
test_files: []
|