attribute_queryable_encrypted 0.0.1 → 0.0.2
@@ -27,14 +27,10 @@ module AttributeQueryableEncrypted
|
|
27
27
|
end
|
28
28
|
end
|
29
29
|
|
30
|
-
singleton = class << self
|
31
|
-
self
|
32
|
-
end
|
33
|
-
|
34
30
|
alias_method "original_find_by_#{attribute}", "find_by_#{attribute}" if respond_to?(attribute)
|
35
31
|
|
36
|
-
|
37
|
-
|
32
|
+
define_singleton_method "find_all_by_#{[options[:prefix], attribute].join('_')}", find_all_by_method
|
33
|
+
define_singleton_method "find_by_#{attribute}", find_by_method
|
38
34
|
|
39
35
|
end
|
40
36
|
end
|
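Review bot: the second added line, `define_singleton_method "find_by_#{attribute}", find_by_method`, overwrites any class-level finder of that name, and the `alias_method` context line above it does not look like it preserves one. If that line runs with the class as self (as the removed `class << self` lines suggest), it aliases an instance method, and its guard tests `respond_to?(attribute)` rather than the finder being replaced. If the original finder is meant to stay reachable, alias it on the singleton class before redefining it. Separately, the first added line builds its name with `[options[:prefix], attribute].join('_')`, which produces `find_all_by__<attribute>` (double underscore) whenever `options[:prefix]` is nil; use `.compact.join('_')` unless a default prefix is guaranteed outside this hunk.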
@@ -11,7 +11,7 @@ module AttributeQueryableEncrypted
|
|
11
11
|
# "This is a string".prefix_length("75%") => 12
|
12
12
|
#
|
13
13
|
def prefix_length(requested_length)
|
14
|
-
requested_length.is_a?(Numeric) ? length.lower(requested_length) : (length/(100/requested_length.match(/^([0-9.]+)
|
14
|
+
requested_length.is_a?(Numeric) ? length.lower(requested_length) : (length/(100/requested_length.match(/^([0-9.]+)%?$/)[0].to_f)).ceil
|
15
15
|
end
|
16
16
|
|
17
17
|
def prefix(requested_length)
|
data/readme.md
CHANGED
@@ -2,7 +2,7 @@ AttributeQueryableEncrypted
|
|
2
2
|
===========================
|
3
3
|
Assigns a digest-hashed value to an attribute writer using a portion of the value assigned to each attribute's normal writer. The digest-hashed prefix can then be used to identify other objects with the same prefix without revealing the underlying value.
|
4
4
|
|
5
|
-
AttributeQueryableEncrypted was inspried by shuber's excellent [attr_encrypted](https://github.com/shuber/attr_encrypted) gem, and aims for compatibility. It attempts to addresses a shortcoming of encryption, where encrypted columns are queryable
|
5
|
+
AttributeQueryableEncrypted was inspried by shuber's excellent [attr_encrypted](https://github.com/shuber/attr_encrypted) gem, and aims for compatibility. It attempts to addresses a shortcoming of unsalted encryption, where encrypted columns are queryable, but attackable using a precomputed "rainbow table". By exposing only a portion of the unsalted encrypted data to precomputed attacks, AttributeQueryableEncrypted reduces the need for a full-table scan on encrypted data.
|
6
6
|
|
7
7
|
Selecting multiple candidates with matching prefix digests and subsequently decrypting the full salted/encrypted data field to find a exact match will reduce the need for a full table scan. You should use attr_encrypted, or your own crypto logic, to handle encrypting and decrypting the appropriate full data field.
|
8
8
|
|
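Review bot: the rewritten README paragraph (new line 5) describes the problem as "unsalted encryption", but what the gem stores and what a precomputed table attacks is an unsalted digest of the value prefix; say "unsalted digest" so readers do not confuse it with the attr_encrypted ciphertext. The last sentence of that line also ties the wrong cause to the effect: the full-table scan is avoided by querying on the prefix digest, while limiting the digest to a prefix is what limits exposure to precomputed attacks. Since the line is being touched anyway, fix "inspried" and "attempts to addresses", and "a exact match" in the following paragraph.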
@@ -50,20 +50,22 @@ Options:
|
|
50
50
|
* :encode - Base64 encode the digest hash, suitable for database persistence. Default is false.
|
51
51
|
* :stretches - an integer number of iterations through the digest algorithm. More will reduce the ease of a precomputed attack. Default is 3.
|
52
52
|
* :key - an optional key to salt the digest algorithm. Default is nil.
|
53
|
+
* :digest - the Digest class to use. Must respond to #update. Default is Digest::SHA2.
|
53
54
|
|
54
55
|
If you choose to use :stretches and/or :key, you should keep their values secret.
|
55
56
|
|
56
57
|
Requirements:
|
57
58
|
-------------
|
59
|
+
* Ruby >= 1.9
|
58
60
|
* ActiveSupport >= 3.0
|
59
61
|
* ActiveRecord >= 3.0 for ActiveRecord usage
|
60
62
|
|
61
63
|
Warnings
|
62
64
|
--------
|
63
|
-
* This technique is not without shortcomings, notably that the prefix digest is subject to a precomputed attack.
|
65
|
+
* This technique is not without shortcomings, notably that the entire prefix digest is subject to a precomputed attack.
|
64
66
|
* You should consider using secret values for :stretches and :key, and setting the :length option to a level that obscures an appropriate amount of your data without potentially giving away too much.
|
65
67
|
* Increasing :stretches incurs a small performance penalty.
|
66
|
-
* Decreasing :length can return more records in the initial matched set, potentially decreasing performance.
|
68
|
+
* Decreasing :length can return more records in the initial matched set, potentially decreasing performance. Increasing :length makes more of the data subject to a precomputed attack.
|
67
69
|
|
68
70
|
Copyright
|
69
71
|
---------
|
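Review bot: the Options and Warnings text in this hunk still advises keeping `:stretches` secret, but an iteration count is a small integer that can be enumerated, so its secrecy adds little; the documentation should state that `:key` is the value that has to be secret and that with its default of nil the prefix digest is unsalted and directly exposed to the precomputed attack the Warnings describe. The new `:digest` line should also say which digest classes are acceptable, since the option now allows substituting a weaker one than the default Digest::SHA2, and should clarify how the chosen class is combined with `:key` and `:stretches`. The added sentence about increasing `:length` is a useful counterpart to the performance note; consider giving a concrete guideline for choosing it.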
metadata
CHANGED
@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
|
|
5
5
|
segments:
|
6
6
|
- 0
|
7
7
|
- 0
|
8
|
-
-
|
9
|
-
version: 0.0.
|
8
|
+
- 2
|
9
|
+
version: 0.0.2
|
10
10
|
platform: ruby
|
11
11
|
authors:
|
12
12
|
- Scott Burton
|
@@ -14,7 +14,7 @@ autorequire:
|
|
14
14
|
bindir: bin
|
15
15
|
cert_chain: []
|
16
16
|
|
17
|
-
date: 2011-11-
|
17
|
+
date: 2011-11-17 00:00:00 -08:00
|
18
18
|
default_executable:
|
19
19
|
dependencies:
|
20
20
|
- !ruby/object:Gem::Dependency
|