argon2id 0.4.1-x86_64-linux → 0.5.0-x86_64-linux
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +8 -0
- data/README.md +12 -9
- data/lib/argon2id/password.rb +7 -12
- data/lib/argon2id/version.rb +1 -1
- data/test/test_password.rb +6 -12
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 02a369375b9272f4203c2d5e21735f0ef3d850fbd11c1ea9baa8ba6e32a2abbd
|
|
4
|
+
data.tar.gz: e2e0e226b4942eceb84d1e6804ed576533d47a60c5fa43edd591b6962355a35b
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 4469dd8cbb34923f91576eb9dd06d585d7c29d6ccc3ba71e110b37c4857216c8472cb59d871280251d84fdb04920cad8090ec96a8026c4aa72d2526419ab4e93
|
|
7
|
+
data.tar.gz: 559ff774e5ac902e0050b140ab2d5a629399e8f28dca4b84fee7816f526d8b7e67be8007c234bea2fb1238300fbb82c586d761edd3800edc6d28d02473980400
|
data/CHANGELOG.md
CHANGED
|
@@ -5,6 +5,13 @@ All notable changes to this project will be documented in this file.
|
|
|
5
5
|
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
|
|
6
6
|
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
|
7
7
|
|
|
8
|
+
## [0.5.0] - 2024-11-02
|
|
9
|
+
|
|
10
|
+
### Removed
|
|
11
|
+
|
|
12
|
+
- No longer expose the `type` of an encoded hash as it must always be an
|
|
13
|
+
Argon2id hash
|
|
14
|
+
|
|
8
15
|
## [0.4.1] - 2024-11-02
|
|
9
16
|
|
|
10
17
|
### Changed
|
|
@@ -86,6 +93,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|
|
86
93
|
reference C implementation of Argon2, the password-hashing function that won
|
|
87
94
|
the Password Hashing Competition.
|
|
88
95
|
|
|
96
|
+
[0.5.0]: https://github.com/mudge/argon2id/releases/tag/v0.5.0
|
|
89
97
|
[0.4.1]: https://github.com/mudge/argon2id/releases/tag/v0.4.1
|
|
90
98
|
[0.4.0]: https://github.com/mudge/argon2id/releases/tag/v0.4.0
|
|
91
99
|
[0.3.0]: https://github.com/mudge/argon2id/releases/tag/v0.3.0
|
data/README.md
CHANGED
|
@@ -5,7 +5,7 @@ Ruby bindings to [Argon2][], the password-hashing function that won the 2015
|
|
|
5
5
|
|
|
6
6
|
[](https://github.com/mudge/argon2id/actions)
|
|
7
7
|
|
|
8
|
-
**Current version:** 0.
|
|
8
|
+
**Current version:** 0.5.0
|
|
9
9
|
**Bundled Argon2 version:** libargon2.1 (20190702)
|
|
10
10
|
|
|
11
11
|
```ruby
|
|
@@ -135,6 +135,10 @@ password == "opensesame" #=> true
|
|
|
135
135
|
password == "notopensesame" #=> false
|
|
136
136
|
```
|
|
137
137
|
|
|
138
|
+
> [!WARNING]
|
|
139
|
+
> `Argon2id::Password.new` does not support hashes generated from other Argon2
|
|
140
|
+
> variants such as Argon2i and Argon2d.
|
|
141
|
+
|
|
138
142
|
For compatibility with [bcrypt-ruby][], `Argon2id::Password#==` is aliased to `Argon2id::Password.is_password?`:
|
|
139
143
|
|
|
140
144
|
```ruby
|
|
@@ -147,7 +151,6 @@ The various parts of the encoded hash can be retrieved:
|
|
|
147
151
|
|
|
148
152
|
```ruby
|
|
149
153
|
password = Argon2id::Password.new("$argon2id$v=19$m=256,t=2,p=1$c29tZXNhbHQ$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4")
|
|
150
|
-
password.type #=> "argon2id"
|
|
151
154
|
password.version #=> 19
|
|
152
155
|
password.m_cost #=> 256
|
|
153
156
|
password.t_cost #=> 2
|
|
@@ -198,11 +201,11 @@ notes](https://github.com/mudge/argon2id/releases) for each version and can be
|
|
|
198
201
|
checked with `sha256sum`, e.g.
|
|
199
202
|
|
|
200
203
|
```console
|
|
201
|
-
$ gem fetch argon2id -v 0.4.
|
|
202
|
-
Fetching argon2id-0.4.
|
|
203
|
-
Downloaded argon2id-0.4.
|
|
204
|
-
$ sha256sum argon2id-0.4.
|
|
205
|
-
|
|
204
|
+
$ gem fetch argon2id -v 0.4.1
|
|
205
|
+
Fetching argon2id-0.4.1-arm64-darwin.gem
|
|
206
|
+
Downloaded argon2id-0.4.1-arm64-darwin
|
|
207
|
+
$ sha256sum argon2id-0.4.1-arm64-darwin.gem
|
|
208
|
+
c74c06c2c4ce70d6c3822f05d83bab4ea431dd16ec086c9c856da3c6e0d9bbe9 argon2id-0.4.1-arm64-darwin.gem
|
|
206
209
|
```
|
|
207
210
|
|
|
208
211
|
[GPG](https://www.gnupg.org/) signatures are attached to each release (the
|
|
@@ -212,8 +215,8 @@ from a public keyserver, e.g. `gpg --keyserver keyserver.ubuntu.com --recv-key
|
|
|
212
215
|
0x39AC3530070E0F75`):
|
|
213
216
|
|
|
214
217
|
```console
|
|
215
|
-
$ gpg --verify argon2id-0.4.
|
|
216
|
-
gpg: Signature made Sat 2 Nov
|
|
218
|
+
$ gpg --verify argon2id-0.4.1-arm64-darwin.gem.sig argon2id-0.4.1-arm64-darwin.gem
|
|
219
|
+
gpg: Signature made Sat 2 Nov 20:50:54 2024 GMT
|
|
217
220
|
gpg: using RSA key 702609D9C790F45B577D7BEC39AC3530070E0F75
|
|
218
221
|
gpg: Good signature from "Paul Mucur <mudge@mudge.name>" [unknown]
|
|
219
222
|
gpg: aka "Paul Mucur <paul@ghostcassette.com>" [unknown]
|
data/lib/argon2id/password.rb
CHANGED
|
@@ -25,7 +25,6 @@ module Argon2id
|
|
|
25
25
|
#
|
|
26
26
|
# You can read various parameters out of a password hash:
|
|
27
27
|
#
|
|
28
|
-
# password.type #=> "argon2id"
|
|
29
28
|
# password.version #=> 19
|
|
30
29
|
# password.m_cost #=> 19456
|
|
31
30
|
# password.t_cost #=> 2
|
|
@@ -36,7 +35,7 @@ module Argon2id
|
|
|
36
35
|
PATTERN = %r{
|
|
37
36
|
\A
|
|
38
37
|
\$
|
|
39
|
-
|
|
38
|
+
argon2id
|
|
40
39
|
(?:\$v=(\d+))?
|
|
41
40
|
\$m=(\d+)
|
|
42
41
|
,t=(\d+)
|
|
@@ -51,9 +50,6 @@ module Argon2id
|
|
|
51
50
|
# The encoded password hash.
|
|
52
51
|
attr_reader :encoded
|
|
53
52
|
|
|
54
|
-
# The type of the hashing function.
|
|
55
|
-
attr_reader :type
|
|
56
|
-
|
|
57
53
|
# The version number of the hashing function.
|
|
58
54
|
attr_reader :version
|
|
59
55
|
|
|
@@ -113,13 +109,12 @@ module Argon2id
|
|
|
113
109
|
raise ArgumentError, "invalid hash" unless PATTERN =~ String(encoded)
|
|
114
110
|
|
|
115
111
|
@encoded = $&
|
|
116
|
-
@
|
|
117
|
-
@
|
|
118
|
-
@
|
|
119
|
-
@
|
|
120
|
-
@
|
|
121
|
-
@
|
|
122
|
-
@output = $7.unpack1("m")
|
|
112
|
+
@version = Integer($1 || 0x10)
|
|
113
|
+
@m_cost = Integer($2)
|
|
114
|
+
@t_cost = Integer($3)
|
|
115
|
+
@parallelism = Integer($4)
|
|
116
|
+
@salt = $5.unpack1("m")
|
|
117
|
+
@output = $6.unpack1("m")
|
|
123
118
|
end
|
|
124
119
|
|
|
125
120
|
# Return the encoded password hash.
|
data/lib/argon2id/version.rb
CHANGED
data/test/test_password.rb
CHANGED
|
@@ -98,6 +98,12 @@ class TestPassword < Minitest::Test
|
|
|
98
98
|
end
|
|
99
99
|
end
|
|
100
100
|
|
|
101
|
+
def test_raises_for_non_argon2id_hashes
|
|
102
|
+
assert_raises(ArgumentError) do
|
|
103
|
+
Argon2id::Password.new("$argon2i$v=19$m=256,t=2,p=1$c29tZXNhbHQ$iekCn0Y3spW+sCcFanM2xBT63UP2sghkUoHLIUpWRS8")
|
|
104
|
+
end
|
|
105
|
+
end
|
|
106
|
+
|
|
101
107
|
def test_salt_supports_versionless_hashes
|
|
102
108
|
password = Argon2id::Password.new("$argon2id$m=256,t=2,p=1$c29tZXNhbHQ$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4")
|
|
103
109
|
|
|
@@ -110,18 +116,6 @@ class TestPassword < Minitest::Test
|
|
|
110
116
|
assert Argon2id::Password.new(password) == "password"
|
|
111
117
|
end
|
|
112
118
|
|
|
113
|
-
def test_extracting_type_from_hash
|
|
114
|
-
password = Argon2id::Password.new("$argon2id$v=19$m=256,t=2,p=1$c29tZXNhbHQ$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4")
|
|
115
|
-
|
|
116
|
-
assert_equal "argon2id", password.type
|
|
117
|
-
end
|
|
118
|
-
|
|
119
|
-
def test_extracting_type_from_argoni_hash
|
|
120
|
-
password = Argon2id::Password.new("$argon2i$v=19$m=256,t=2,p=1$c29tZXNhbHQ$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4")
|
|
121
|
-
|
|
122
|
-
assert_equal "argon2i", password.type
|
|
123
|
-
end
|
|
124
|
-
|
|
125
119
|
def test_extracting_version_from_hash
|
|
126
120
|
password = Argon2id::Password.new("$argon2id$v=19$m=256,t=2,p=1$c29tZXNhbHQ$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4")
|
|
127
121
|
|