pbkdf2_password_hasher 0.1.0 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: e5ef13ed0a6bd80499e058a98c70fe3797f5b5e7
-  data.tar.gz: 0abc6f671b5cf855ce359db027c32aea1d55a10c
+  metadata.gz: b4da9a1f50fcf2892177ec04bea61b094cb642e5
+  data.tar.gz: 620f187ecaba9d0ed453a867ec720d9c1a8318be
 SHA512:
-  metadata.gz: 2b7dcfa535e5e19c1141d3e4668dba5ffd50b919e5f7a699049223a34f51639a144a1cbc067d4e7743f4dd88c35914887fd6d053b8a79a06529b4d0966469839
-  data.tar.gz: 4e2bc782267f3f554abcafe049c6841666e8fbeae805ff03f1b0f1a88667186070bab55fb5463531a4782e3515f0b1e36487ebd5bf29e6030ddbf80701da7a3c
+  metadata.gz: 3e5799e40f3c2fa359ed4198d05ae65a77afd59a2ad6a12df6d3f163323f6e99192a8dbea267f76ee242acfd1108a78b89ce4def321379afd83496e4fe8943c1
+  data.tar.gz: 899aaeef1e3a04d60d4662b6f652608ebcc6002fa78f9bdb12ee91f0daa9ae41cd33a5c9c9e45fe6fc19bfb46d64b8391f7b55e116525e4a89339f152d86034f

data/README.md

@@ -7,7 +7,7 @@ This was originally built to import password hashes from django application to r
 
 ## Installation
 
-In your Gemfile : 
+In your Gemfile :
 ```ruby
 gem pbkdf2_password_hasher, git: 'aherve/pbkdf2-password-hasher'
 ```
@@ -25,13 +25,13 @@ salt = 'NaCl'    # random salt key
 pass = 's3cr3t'  # your password
 it   = 1000      # number of iterations
 
-hash = Pbkdf2PasswordHasher.hash_password(pass,salt,it)
+hash = Pbkdf2PasswordHasher.hash_password(pass,salt,it) #=> "pbkdf2_sha256$1000$NaCl$uDAu+fkRHoZk03PKp0bzrXDWc4j4mhkzGBm7ljbvp58="
 ```
 - Check password validity against string
 
 ```ruby
 # hashed string from django app
-hsh ='pbkdf2_sha256$12000$PEnXGf9dviXF$2soDhu1WB8NSbFDm0w6NEe6OvslVXtiyf4VMiiy9rH0=' 
+hsh ='pbkdf2_sha256$12000$PEnXGf9dviXF$2soDhu1WB8NSbFDm0w6NEe6OvslVXtiyf4VMiiy9rH0='
 
 # with right password:
 Pbkdf2PasswordHasher.check_password('bite',hsh) #=> true

data/lib/pbkdf2_password_hasher.rb

@@ -1,26 +1,22 @@
-require "pbkdf2_password_hasher/version"
+require 'pbkdf2_password_hasher/version'
 require 'pbkdf2_password_hasher/django_hash'
 
 module Pbkdf2PasswordHasher
-
   class << self
-
     # compute a hash from password, salt, number of iterations, and key length
-    def hash_password(pass,salt,nb_of_iterations,key_length=32)
-      DjangoHash.new(
+    def hash_password(pass, salt, nb_of_iterations, key_length = 32)
+      hsh = DjangoHash.new(
         :password => pass,
         :salt     => salt,
         :c        => nb_of_iterations,
-        :dklen    => key_length,
+        :dklen    => key_length
       ).get_hash
+      "pbkdf2_sha256$#{nb_of_iterations}$#{salt}$#{hsh}"
     end
 
     # Check password against hash string
-    def check_password(pass,hash)
-      DjangoHash::parse(hash).check_password(pass)
+    def check_password(pass, hash)
+      DjangoHash.parse(hash).check_password(pass)
     end
-
   end
-
 end
-

data/lib/pbkdf2_password_hasher/django_hash.rb

@@ -7,28 +7,28 @@ class DjangoHash
   def initialize(params)
     @password  = params[:password]
     @dklen     = params[:dklen]    || 32
-    @c         = params[:c].to_i   || 12000
+    @c         = params[:c].to_i   || 12_000
     @hsh       = params[:hash]
     @salt      = params[:salt]
 
-    @hash_f = OpenSSL::Digest.new("sha256")
+    @hash_f = OpenSSL::Digest.new('sha256')
   end
 
   # Instanciate class using hash string
   def self.parse(str)
-    algo,c,salt,hsh = str.split('$')
-    raise "sorry, don't know what to do with #{algo}" unless algo == 'pbkdf2_sha256'
+    algo, c, salt, hsh = str.split('$')
+    fail "sorry, don't know what to do with #{algo}" unless algo == 'pbkdf2_sha256'
     DjangoHash.new(
       :dklen => Base64.decode64(hsh).size,
       :c     => c,
       :salt  => salt,
-      :hash  => hsh,
+      :hash  => hsh
     )
   end
 
   # Compute hash
   def get_hash
-    (1..number_of_blocks).map(&block).reduce("",&:<<)
+    (1..number_of_blocks).map(&block).reduce('', &:<<)
   end
 
   # Check password against computed hash
@@ -40,29 +40,29 @@ class DjangoHash
   private
 
   def number_of_blocks
-    (@dklen.to_f/@hash_f.size).ceil
+    (@dklen.to_f / @hash_f.size).ceil
   end
 
   # "string xor"
-  def xor(s1,s2)
-    s1.bytes.zip((s2).bytes).map{|a,b| a ^ b}.pack("C*")
+  def xor(s1, s2)
+    s1.bytes.zip((s2).bytes).map { |a, b| a ^ b }.pack('C*')
   end
 
   # Pseudo Random Function, as described in wikipedia
   def prf(data)
-    @hash_func ||= OpenSSL::Digest.new("sha256")
-    OpenSSL::HMAC.digest(@hash_func,@password, data)
+    @hash_func ||= OpenSSL::Digest.new('sha256')
+    OpenSSL::HMAC.digest(@hash_func, @password, data)
   end
 
   def block
-    -> i {
-      u = prf(@salt+[i].pack("N"))
+    -> i do
+      u = prf(@salt + [i].pack('N'))
       f = u
-      2.upto(@c) do |i|
+      2.upto(@c) do |_i|
         u = prf(u)
-        f = xor(f,u)
+        f = xor(f, u)
       end
-      Base64.encode64(f[0..@dklen-1]).chomp
-    }
+      Base64.encode64(f[0..@dklen - 1]).chomp
+    end
   end
 end

data/lib/pbkdf2_password_hasher/version.rb

@@ -1,3 +1,3 @@
 module Pbkdf2PasswordHasher
-  VERSION = "0.1.0"
+  VERSION = '0.2.0'
 end

data/spec/pbkdf2_password_hasher_spec.rb

@@ -1,33 +1,27 @@
 require 'spec_helper'
-describe Pbkdf2PasswordHasher do 
-
-  before(:all) do 
+describe Pbkdf2PasswordHasher do
+  before(:all) do
     @django_hash = 'pbkdf2_sha256$12000$PEnXGf9dviXF$2soDhu1WB8NSbFDm0w6NEe6OvslVXtiyf4VMiiy9rH0='
   end
 
-  describe 'check_password' do 
-
-    describe "when provided the right password" do 
-      it "should validate" do 
-        Pbkdf2PasswordHasher::check_password('bite',@django_hash).should be_true
+  describe 'check_password' do
+    describe 'when provided the right password' do
+      it 'should validate' do
+        expect(Pbkdf2PasswordHasher.check_password('bite', @django_hash)).to be true
       end
     end
 
-    describe "when NOT provided the right password" do 
-      it "should NOT validate" do 
-        Pbkdf2PasswordHasher::check_password('false_pass',@django_hash).should be_false
+    describe 'when NOT provided the right password' do
+      it 'should NOT validate' do
+        expect(Pbkdf2PasswordHasher.check_password('false_pass', @django_hash)).to be false
       end
     end
-
   end
 
-  describe "hash_password" do 
-
-    it "should work" do 
-      a = @django_hash.split("$")
-      Pbkdf2PasswordHasher.hash_password('bite',a[2],a[1]).should == a[3]
+  describe 'hash_password' do
+    it 'should work' do
+      a = @django_hash.split('$')
+      expect(Pbkdf2PasswordHasher.hash_password('bite', a[2], a[1])).to eq(@django_hash)
     end
-
   end
-
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: pbkdf2_password_hasher
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.2.0
 platform: ruby
 authors:
 - Aurélien Hervé
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-03-19 00:00:00.000000000 Z
+date: 2014-12-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -92,7 +92,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.2.1
+rubygems_version: 2.4.2
 signing_key: 
 specification_version: 4
 summary: pbkdf2 hash check