RubyGems - attribute_queryable_encrypted - Versions diffs - 0.0.1 → 0.0.2 - Mend

attribute_queryable_encrypted 0.0.1 → 0.0.2

Files changed (6) hide show

data/lib/attribute_queryable_encrypted/adapters/active_record.rb +2 -6
data/lib/attribute_queryable_encrypted/core_ext/prefix.rb +1 -1
data/lib/attribute_queryable_encrypted/core_ext/stretch_digest.rb +1 -0
data/lib/attribute_queryable_encrypted/version.rb +1 -1
data/readme.md +5 -3
metadata +3 -3

data/lib/attribute_queryable_encrypted/adapters/active_record.rb CHANGED Viewed

@@ -27,14 +27,10 @@ module AttributeQueryableEncrypted
               end
             end
-            singleton = class << self
-              self
-            end
             alias_method "original_find_by_#{attribute}", "find_by_#{attribute}" if respond_to?(attribute)
-            singleton.send(:define_method, "find_all_by_#{[options[:prefix], attribute].join('_')}", find_all_by_method)
-            singleton.send(:define_method, "find_by_#{attribute}", find_by_method)
+            define_singleton_method "find_all_by_#{[options[:prefix], attribute].join('_')}", find_all_by_method
+            define_singleton_method "find_by_#{attribute}", find_by_method
           end
         end

data/lib/attribute_queryable_encrypted/core_ext/prefix.rb CHANGED Viewed

@@ -11,7 +11,7 @@ module AttributeQueryableEncrypted
       # "This is a string".prefix_length("75%") => 12
       #
       def prefix_length(requested_length)
-        requested_length.is_a?(Numeric) ? length.lower(requested_length) : (length/(100/requested_length.match(/^([0-9.]+)%$/)[0].to_f)).ceil
+        requested_length.is_a?(Numeric) ? length.lower(requested_length) : (length/(100/requested_length.match(/^([0-9.]+)%?$/)[0].to_f)).ceil
       end
       def prefix(requested_length)

data/lib/attribute_queryable_encrypted/core_ext/stretch_digest.rb CHANGED Viewed

@@ -2,6 +2,7 @@ module AttributeQueryableEncrypted
   module CoreExt
     module StretchDigest
       def stretch_digest(options={})
+        options = options.dup
         options[:digest] ||= Digest::SHA2
         options[:stretches] ||= 1

data/lib/attribute_queryable_encrypted/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module AttributeQueryableEncrypted
-  VERSION = "0.0.1"
+  VERSION = "0.0.2"
 end

data/readme.md CHANGED Viewed

@@ -2,7 +2,7 @@ AttributeQueryableEncrypted
 ===========================
 Assigns a digest-hashed value to an attribute writer using a portion of the value assigned to each attribute's normal writer. The digest-hashed prefix can then be used to identify other objects with the same prefix without revealing the underlying value.
-AttributeQueryableEncrypted was inspried by shuber's excellent [attr_encrypted](https://github.com/shuber/attr_encrypted) gem, and aims for compatibility. It attempts to addresses a shortcoming of encryption, where encrypted columns are queryable when unsalted, but attackable using a precomputed "rainbow table".
+AttributeQueryableEncrypted was inspried by shuber's excellent [attr_encrypted](https://github.com/shuber/attr_encrypted) gem, and aims for compatibility. It attempts to addresses a shortcoming of unsalted encryption, where encrypted columns are queryable, but attackable using a precomputed "rainbow table". By exposing only a portion of the unsalted encrypted data to precomputed attacks, AttributeQueryableEncrypted reduces the need for a full-table scan on encrypted data.
 Selecting multiple candidates with matching prefix digests and subsequently decrypting the full salted/encrypted data field to find a exact match will reduce the need for a full table scan. You should use attr_encrypted, or your own crypto logic, to handle encrypting and decrypting the appropriate full data field.
@@ -50,20 +50,22 @@ Options:
 * :encode     - Base64 encode the digest hash, suitable for database persistence. Default is false.
 * :stretches  - an integer number of iterations through the digest algorithm. More will reduce the ease of a precomputed attack. Default is 3.
 * :key        - an optional key to salt the digest algorithm. Default is nil.
+* :digest     - the Digest class to use. Must respond to #update. Default is Digest::SHA2.
 If you choose to use :stretches and/or :key, you should keep their values secret.
 Requirements:
 -------------
+* Ruby >= 1.9
 * ActiveSupport >= 3.0
 * ActiveRecord >= 3.0 for ActiveRecord usage
 Warnings
 --------
-* This technique is not without shortcomings, notably that the prefix digest is subject to a precomputed attack.
+* This technique is not without shortcomings, notably that the entire prefix digest is subject to a precomputed attack.
 * You should consider using secret values for :stretches and :key, and setting the :length option to a level that obscures an appropriate amount of your data without potentially giving away too much.
 * Increasing :stretches incurs a small performance penalty.
-* Decreasing :length can return more records in the initial matched set, potentially decreasing performance.
+* Decreasing :length can return more records in the initial matched set, potentially decreasing performance. Increasing :length makes more of the data subject to a precomputed attack.
 Copyright
 ---------

metadata CHANGED Viewed

@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
   segments:
   - 0
   - 0
-  - 1
-  version: 0.0.1
+  - 2
+  version: 0.0.2
 platform: ruby
 authors:
 - Scott Burton
@@ -14,7 +14,7 @@ autorequire:
 bindir: bin
 cert_chain: []
-date: 2011-11-16 00:00:00 -08:00
+date: 2011-11-17 00:00:00 -08:00
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency