armor 0.0.1 → 0.0.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +83 -0
- data/lib/armor.rb +16 -1
- data/tests/armor_test.rb +8 -0
- metadata +4 -4
- data/README +0 -17
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 2d116e5cf49bf377e2dedebf1d2a1d38732d307a
|
|
4
|
+
data.tar.gz: 403a41018b14c74e855b1e3ae0de45230e4157db
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: cb983fca676a1998fc38edc16e3ae640c99c9052b7d9d2e2212f79b3e3c11e0bf8eca78f7438242c956cb987c4b27c3802a5a9e43e77cb4255a71f64c9e272a2
|
|
7
|
+
data.tar.gz: 3354c524a11f35d420eb5c23f06d08a5870007905ae4a1762268de53be43263e963ac306db21a2022c3114f02e0689724f2af5a068698ae8bb55951ee8a72c02
|
data/README.md
ADDED
|
@@ -0,0 +1,83 @@
|
|
|
1
|
+
Armor
|
|
2
|
+
=====
|
|
3
|
+
|
|
4
|
+
[Shield][shield]'s partner in crime.
|
|
5
|
+
|
|
6
|
+
[shield]: http://cyx.github.io/shield/
|
|
7
|
+
|
|
8
|
+
Description
|
|
9
|
+
-----------
|
|
10
|
+
|
|
11
|
+
Armor is a pure Ruby implementation of [PBKDF2][pbkdf2], a
|
|
12
|
+
password-based key derivation function recommended for the
|
|
13
|
+
protection of electronically-stored data.
|
|
14
|
+
|
|
15
|
+
[pbkdf2]: http://en.wikipedia.org/wiki/PBKDF2
|
|
16
|
+
|
|
17
|
+
Basic Use
|
|
18
|
+
---------
|
|
19
|
+
|
|
20
|
+
Simply pass in the password and salt, and you'll get
|
|
21
|
+
the derived key, i.e.
|
|
22
|
+
|
|
23
|
+
```ruby
|
|
24
|
+
result = Armor.digest("password1", "salt")
|
|
25
|
+
|
|
26
|
+
# You can now store this in your database, together with your salt.
|
|
27
|
+
User.create(email: "foo@bar.com", crypted_password: result, salt: "salt")
|
|
28
|
+
|
|
29
|
+
# Or you can do it shield style and compress the password into one
|
|
30
|
+
# field by utilizing a constant length salt, e.g.
|
|
31
|
+
salt = SecureRandom.hex(32) # 64 characters
|
|
32
|
+
result = Armor.digest("password1", salt)
|
|
33
|
+
|
|
34
|
+
User.create(email: "foo@bar.com", crypted_password: result + salt)
|
|
35
|
+
```
|
|
36
|
+
|
|
37
|
+
Advanced Usage
|
|
38
|
+
--------------
|
|
39
|
+
|
|
40
|
+
Armor comes with some very sane defaults, namely:
|
|
41
|
+
|
|
42
|
+
1. Number of iterations:
|
|
43
|
+
|
|
44
|
+
ENV['ARMOR_ITER'] || 5000
|
|
45
|
+
|
|
46
|
+
2. Hashing function to be used:
|
|
47
|
+
|
|
48
|
+
ENV['ARMOR_HASH'] || 'sha512'
|
|
49
|
+
|
|
50
|
+
This line will run your app in a different configuration:
|
|
51
|
+
|
|
52
|
+
```
|
|
53
|
+
$ ARMOR_HASH=sha1 ARMOR_ITER=50_000 rackup
|
|
54
|
+
```
|
|
55
|
+
|
|
56
|
+
Measuring the target slowness
|
|
57
|
+
-----------------------------
|
|
58
|
+
|
|
59
|
+
So the main reason for PBKDF2 is to slow down the hashing function. Normally
|
|
60
|
+
you would measure the desired average time delay that you want, i.e. 50ms.
|
|
61
|
+
|
|
62
|
+
For this, you can use the command line tool to quickly estimate a good
|
|
63
|
+
iteration value:
|
|
64
|
+
|
|
65
|
+
```
|
|
66
|
+
$ armor 5000
|
|
67
|
+
Iterations: 5000, Time: 0.12
|
|
68
|
+
|
|
69
|
+
$ armor 10000
|
|
70
|
+
Iterations: 10000, Time: 0.24
|
|
71
|
+
|
|
72
|
+
$ armor 20000
|
|
73
|
+
Iterations: 20000, Time: 0.48
|
|
74
|
+
```
|
|
75
|
+
|
|
76
|
+
Installation
|
|
77
|
+
------------
|
|
78
|
+
|
|
79
|
+
As usual, you can install it using rubygems.
|
|
80
|
+
|
|
81
|
+
```
|
|
82
|
+
$ gem install armor
|
|
83
|
+
```
|
data/lib/armor.rb
CHANGED
|
@@ -92,7 +92,22 @@ module Armor
|
|
|
92
92
|
ret
|
|
93
93
|
end
|
|
94
94
|
|
|
95
|
-
|
|
95
|
+
# Time-attack safe comparison operator.
|
|
96
|
+
#
|
|
97
|
+
# @see http://bit.ly/WHHHz1
|
|
98
|
+
def self.compare(a, b)
|
|
99
|
+
return false unless a.length == b.length
|
|
100
|
+
|
|
101
|
+
cmp = b.bytes.to_a
|
|
102
|
+
result = 0
|
|
103
|
+
|
|
104
|
+
a.bytes.each_with_index do |char, index|
|
|
105
|
+
result |= char ^ cmp[index]
|
|
106
|
+
end
|
|
107
|
+
|
|
108
|
+
return result == 0
|
|
109
|
+
end
|
|
110
|
+
|
|
96
111
|
def self.xor(a, b)
|
|
97
112
|
result = "".encode("ASCII-8BIT")
|
|
98
113
|
|
data/tests/armor_test.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: armor
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Cyril David
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2013-04-
|
|
12
|
+
date: 2013-04-15 00:00:00.000000000 Z
|
|
13
13
|
dependencies: []
|
|
14
14
|
description: A PBKDF2 pure ruby implementation.
|
|
15
15
|
email:
|
|
@@ -19,7 +19,7 @@ executables: []
|
|
|
19
19
|
extensions: []
|
|
20
20
|
extra_rdoc_files: []
|
|
21
21
|
files:
|
|
22
|
-
- README
|
|
22
|
+
- README.md
|
|
23
23
|
- LICENSE
|
|
24
24
|
- makefile
|
|
25
25
|
- lib/armor.rb
|
|
@@ -46,7 +46,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
46
46
|
version: '0'
|
|
47
47
|
requirements: []
|
|
48
48
|
rubyforge_project:
|
|
49
|
-
rubygems_version: 2.0.
|
|
49
|
+
rubygems_version: 2.0.3
|
|
50
50
|
signing_key:
|
|
51
51
|
specification_version: 4
|
|
52
52
|
summary: shield's partner in crime.
|