armor 0.0.1 → 0.0.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +83 -0
- data/lib/armor.rb +16 -1
- data/tests/armor_test.rb +8 -0
- metadata +4 -4
- data/README +0 -17
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 2d116e5cf49bf377e2dedebf1d2a1d38732d307a
|
|
4
|
+
data.tar.gz: 403a41018b14c74e855b1e3ae0de45230e4157db
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: cb983fca676a1998fc38edc16e3ae640c99c9052b7d9d2e2212f79b3e3c11e0bf8eca78f7438242c956cb987c4b27c3802a5a9e43e77cb4255a71f64c9e272a2
|
|
7
|
+
data.tar.gz: 3354c524a11f35d420eb5c23f06d08a5870007905ae4a1762268de53be43263e963ac306db21a2022c3114f02e0689724f2af5a068698ae8bb55951ee8a72c02
|
data/README.md
ADDED
|
@@ -0,0 +1,83 @@
|
|
|
1
|
+
Armor
|
|
2
|
+
=====
|
|
3
|
+
|
|
4
|
+
[Shield][shield]'s partner in crime.
|
|
5
|
+
|
|
6
|
+
[shield]: http://cyx.github.io/shield/
|
|
7
|
+
|
|
8
|
+
Description
|
|
9
|
+
-----------
|
|
10
|
+
|
|
11
|
+
Armor is a pure Ruby implementation of [PBKDF2][pbkdf2], a
|
|
12
|
+
password-based key derivation function recommended for the
|
|
13
|
+
protection of electronically-stored data.
|
|
14
|
+
|
|
15
|
+
[pbkdf2]: http://en.wikipedia.org/wiki/PBKDF2
|
|
16
|
+
|
|
17
|
+
Basic Use
|
|
18
|
+
---------
|
|
19
|
+
|
|
20
|
+
Simply pass in the password and salt, and you'll get
|
|
21
|
+
the derived key, i.e.
|
|
22
|
+
|
|
23
|
+
```ruby
|
|
24
|
+
result = Armor.digest("password1", "salt")
|
|
25
|
+
|
|
26
|
+
# You can now store this in your database, together with your salt.
|
|
27
|
+
User.create(email: "foo@bar.com", crypted_password: result, salt: "salt")
|
|
28
|
+
|
|
29
|
+
# Or you can do it shield style and compress the password into one
|
|
30
|
+
# field by utilizing a constant length salt, e.g.
|
|
31
|
+
salt = SecureRandom.hex(32) # 64 characters
|
|
32
|
+
result = Armor.digest("password1", salt)
|
|
33
|
+
|
|
34
|
+
User.create(email: "foo@bar.com", crypted_password: result + salt)
|
|
35
|
+
```
|
|
36
|
+
|
|
37
|
+
Advanced Usage
|
|
38
|
+
--------------
|
|
39
|
+
|
|
40
|
+
Armor comes with some very sane defaults, namely:
|
|
41
|
+
|
|
42
|
+
1. Number of iterations:
|
|
43
|
+
|
|
44
|
+
ENV['ARMOR_ITER'] || 5000
|
|
45
|
+
|
|
46
|
+
2. Hashing function to be used:
|
|
47
|
+
|
|
48
|
+
ENV['ARMOR_HASH'] || 'sha512'
|
|
49
|
+
|
|
50
|
+
This line will run your app in a different configuration:
|
|
51
|
+
|
|
52
|
+
```
|
|
53
|
+
$ ARMOR_HASH=sha1 ARMOR_ITER=50_000 rackup
|
|
54
|
+
```
|
|
55
|
+
|
|
56
|
+
Measuring the target slowness
|
|
57
|
+
-----------------------------
|
|
58
|
+
|
|
59
|
+
So the main reason for PBKDF2 is to slow down the hashing function. Normally
|
|
60
|
+
you would measure the desired average time delay that you want, i.e. 50ms.
|
|
61
|
+
|
|
62
|
+
For this, you can use the command line tool to quickly estimate a good
|
|
63
|
+
iteration value:
|
|
64
|
+
|
|
65
|
+
```
|
|
66
|
+
$ armor 5000
|
|
67
|
+
Iterations: 5000, Time: 0.12
|
|
68
|
+
|
|
69
|
+
$ armor 10000
|
|
70
|
+
Iterations: 10000, Time: 0.24
|
|
71
|
+
|
|
72
|
+
$ armor 20000
|
|
73
|
+
Iterations: 20000, Time: 0.48
|
|
74
|
+
```
|
|
75
|
+
|
|
76
|
+
Installation
|
|
77
|
+
------------
|
|
78
|
+
|
|
79
|
+
As usual, you can install it using rubygems.
|
|
80
|
+
|
|
81
|
+
```
|
|
82
|
+
$ gem install armor
|
|
83
|
+
```
|
data/lib/armor.rb
CHANGED
|
@@ -92,7 +92,22 @@ module Armor
|
|
|
92
92
|
ret
|
|
93
93
|
end
|
|
94
94
|
|
|
95
|
-
|
|
95
|
+
# Time-attack safe comparison operator.
|
|
96
|
+
#
|
|
97
|
+
# @see http://bit.ly/WHHHz1
|
|
98
|
+
def self.compare(a, b)
|
|
99
|
+
return false unless a.length == b.length
|
|
100
|
+
|
|
101
|
+
cmp = b.bytes.to_a
|
|
102
|
+
result = 0
|
|
103
|
+
|
|
104
|
+
a.bytes.each_with_index do |char, index|
|
|
105
|
+
result |= char ^ cmp[index]
|
|
106
|
+
end
|
|
107
|
+
|
|
108
|
+
return result == 0
|
|
109
|
+
end
|
|
110
|
+
|
|
96
111
|
def self.xor(a, b)
|
|
97
112
|
result = "".encode("ASCII-8BIT")
|
|
98
113
|
|
data/tests/armor_test.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: armor
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Cyril David
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2013-04-
|
|
12
|
+
date: 2013-04-15 00:00:00.000000000 Z
|
|
13
13
|
dependencies: []
|
|
14
14
|
description: A PBKDF2 pure ruby implementation.
|
|
15
15
|
email:
|
|
@@ -19,7 +19,7 @@ executables: []
|
|
|
19
19
|
extensions: []
|
|
20
20
|
extra_rdoc_files: []
|
|
21
21
|
files:
|
|
22
|
-
- README
|
|
22
|
+
- README.md
|
|
23
23
|
- LICENSE
|
|
24
24
|
- makefile
|
|
25
25
|
- lib/armor.rb
|
|
@@ -46,7 +46,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
46
46
|
version: '0'
|
|
47
47
|
requirements: []
|
|
48
48
|
rubyforge_project:
|
|
49
|
-
rubygems_version: 2.0.
|
|
49
|
+
rubygems_version: 2.0.3
|
|
50
50
|
signing_key:
|
|
51
51
|
specification_version: 4
|
|
52
52
|
summary: shield's partner in crime.
|