RubyGems - attribute_queryable_encrypted - Versions diffs - 0.0.1 → 0.0.2 - Mend

attribute_queryable_encrypted 0.0.1 → 0.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

data/lib/attribute_queryable_encrypted/adapters/active_record.rb +2 -6
data/lib/attribute_queryable_encrypted/core_ext/prefix.rb +1 -1
data/lib/attribute_queryable_encrypted/core_ext/stretch_digest.rb +1 -0
data/lib/attribute_queryable_encrypted/version.rb +1 -1
data/readme.md +5 -3
metadata +3 -3

data/lib/attribute_queryable_encrypted/adapters/active_record.rb CHANGED Viewed

@@ -27,14 +27,10 @@ module AttributeQueryableEncrypted
               end
             end
-            singleton = class << self
-              self
-            end
             alias_method "original_find_by_#{attribute}", "find_by_#{attribute}" if respond_to?(attribute)
-            singleton.send(:define_method, "find_all_by_#{[options[:prefix], attribute].join('_')}", find_all_by_method)
-            singleton.send(:define_method, "find_by_#{attribute}", find_by_method)
+            define_singleton_method "find_all_by_#{[options[:prefix], attribute].join('_')}", find_all_by_method
+            define_singleton_method "find_by_#{attribute}", find_by_method
           end
         end

data/lib/attribute_queryable_encrypted/core_ext/prefix.rb CHANGED Viewed

@@ -11,7 +11,7 @@ module AttributeQueryableEncrypted
       # "This is a string".prefix_length("75%") => 12
       #
       def prefix_length(requested_length)
-        requested_length.is_a?(Numeric) ? length.lower(requested_length) : (length/(100/requested_length.match(/^([0-9.]+)%$/)[0].to_f)).ceil
+        requested_length.is_a?(Numeric) ? length.lower(requested_length) : (length/(100/requested_length.match(/^([0-9.]+)%?$/)[0].to_f)).ceil
       end
       def prefix(requested_length)

data/lib/attribute_queryable_encrypted/core_ext/stretch_digest.rb CHANGED Viewed

@@ -2,6 +2,7 @@ module AttributeQueryableEncrypted
   module CoreExt
     module StretchDigest
       def stretch_digest(options={})
+        options = options.dup
         options[:digest] ||= Digest::SHA2
         options[:stretches] ||= 1

data/lib/attribute_queryable_encrypted/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module AttributeQueryableEncrypted
-  VERSION = "0.0.1"
+  VERSION = "0.0.2"
 end

data/readme.md CHANGED Viewed

@@ -2,7 +2,7 @@ AttributeQueryableEncrypted
 ===========================
 Assigns a digest-hashed value to an attribute writer using a portion of the value assigned to each attribute's normal writer. The digest-hashed prefix can then be used to identify other objects with the same prefix without revealing the underlying value.
-AttributeQueryableEncrypted was inspried by shuber's excellent [attr_encrypted](https://github.com/shuber/attr_encrypted) gem, and aims for compatibility. It attempts to addresses a shortcoming of encryption, where encrypted columns are queryable when unsalted, but attackable using a precomputed "rainbow table".
+AttributeQueryableEncrypted was inspried by shuber's excellent [attr_encrypted](https://github.com/shuber/attr_encrypted) gem, and aims for compatibility. It attempts to addresses a shortcoming of unsalted encryption, where encrypted columns are queryable, but attackable using a precomputed "rainbow table". By exposing only a portion of the unsalted encrypted data to precomputed attacks, AttributeQueryableEncrypted reduces the need for a full-table scan on encrypted data.
 Selecting multiple candidates with matching prefix digests and subsequently decrypting the full salted/encrypted data field to find a exact match will reduce the need for a full table scan. You should use attr_encrypted, or your own crypto logic, to handle encrypting and decrypting the appropriate full data field.
@@ -50,20 +50,22 @@ Options:
 * :encode     - Base64 encode the digest hash, suitable for database persistence. Default is false.
 * :stretches  - an integer number of iterations through the digest algorithm. More will reduce the ease of a precomputed attack. Default is 3.
 * :key        - an optional key to salt the digest algorithm. Default is nil.
+* :digest     - the Digest class to use. Must respond to #update. Default is Digest::SHA2.
 If you choose to use :stretches and/or :key, you should keep their values secret.
 Requirements:
 -------------
+* Ruby >= 1.9
 * ActiveSupport >= 3.0
 * ActiveRecord >= 3.0 for ActiveRecord usage
 Warnings
 --------
-* This technique is not without shortcomings, notably that the prefix digest is subject to a precomputed attack.
+* This technique is not without shortcomings, notably that the entire prefix digest is subject to a precomputed attack.
 * You should consider using secret values for :stretches and :key, and setting the :length option to a level that obscures an appropriate amount of your data without potentially giving away too much.
 * Increasing :stretches incurs a small performance penalty.
-* Decreasing :length can return more records in the initial matched set, potentially decreasing performance.
+* Decreasing :length can return more records in the initial matched set, potentially decreasing performance. Increasing :length makes more of the data subject to a precomputed attack.
 Copyright
 ---------

metadata CHANGED Viewed

@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
   segments:
   - 0
   - 0
-  - 1
-  version: 0.0.1
+  - 2
+  version: 0.0.2
 platform: ruby
 authors:
 - Scott Burton
@@ -14,7 +14,7 @@ autorequire:
 bindir: bin
 cert_chain: []
-date: 2011-11-16 00:00:00 -08:00
+date: 2011-11-17 00:00:00 -08:00
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency