scrypt 1.0.0 → 1.0.1

data/.gitignore

@@ -1,5 +1,7 @@
 pkg/*
+doc/*
 *.gem
 .bundle
+ext/mri/*.bundle
 *.o
 .DS_Store

data/README

@@ -7,13 +7,36 @@ The scrypt key derivation function is designed to be far more secure against har
 
 == Why you should use scrypt
 
-Coming soon.
+The designers of scrypt estimate that on modern (2009) hardware, if 5 seconds are spent computing a derived key, the cost of a hardware brute-force attack against scrypt is roughly 4000 times greater than the cost of a similar attack against bcrypt (to find the same password), and 20000 times greater than a similar attack against PBKDF2.
 
-== How to install bcrypt
+== How to install scrypt
 
   gem install scrypt
 
 == How to use scrypt
 
-Coming soon. It works pretty similarly to ruby-bcrypt.
+It works pretty similarly to ruby-bcrypt with a few minor differences, especially where the cost factor is concerned.
 
+	include "scrypt"
+
+	# hash a user's password
+	@password = Password.create("my grand secret")
+	@password #=> "2000$8$1$f5f2fa5fe5484a7091f1299768fbe92b5a7fbc77$6a385f22c54d92c314b71a4fd5ef33967c93d679"
+
+	# store it safely
+	@user.update_attribute(:password, @password)
+
+	# read it back
+	@user.reload!
+	@db_password = Password.new(@user.password)
+
+	# compare it after retrieval
+	@db_password == "my grand secret" #=> true
+	@db_password == "a paltry guess"  #=> false
+
+Password.create takes three options which will determine the cost limits of the computation.
+* :max_time specifies the maximum number of seconds the computation should take.
+* :max_mem specifies the maximum number of bytes the computation should take. A value of 0 specifies no upper limit. The minimum is always 1 MB.
+* :max_memfrac specifies the maximum memory in a fraction of available resources to use. Any value equal to 0 or greater than 0.5 will result in 0.5 being used.
+
+Default options will result in calculation time of approx. 200 ms with 1 MB memory use.

data/lib/scrypt.rb

@@ -8,6 +8,7 @@ require "scanf"
 
 
 module SCrypt
+  
   module Errors
     class InvalidSalt   < StandardError; end  # The salt parameter provided is invalid.
     class InvalidHash   < StandardError; end  # The hash parameter provided is invalid.
@@ -63,14 +64,16 @@ module SCrypt
 
     # Returns the cost value which will result in computation limits less than the given options.
     #
+    # Options:
+    # <tt>:max_time</tt> specifies the maximum number of seconds the computation should take.
+    # <tt>:max_mem</tt> specifies the maximum number of bytes the computation should take. A value of 0 specifies no upper limit. The minimum is always 1 MB.
+    # <tt>:max_memfrac</tt> specifies the maximum memory in a fraction of available resources to use. Any value equal to 0 or greater than 0.5 will result in 0.5 being used.
+    #
     # Example:
     #
     #   # should take less than 200ms
     #   SCrypt.calibrate(:max_time => 0.2)
     #
-    #   # should take less than 1000ms
-    #   SCrypt.calibrate(:max_time => 1)
-    #
     def self.calibrate(options = {})
       options = DEFAULTS.merge(options)
       __sc_calibrate(options[:max_mem], options[:max_memfrac], options[:max_time])
@@ -129,6 +132,7 @@ module SCrypt
       #
       # Example:
       #   @password = SCrypt::Password.create("my secret", :max_time => 0.25)
+      #
       def create(secret, options = {})
         options = SCrypt::Engine::DEFAULTS.merge(options)
         salt = SCrypt::Engine.generate_salt(options)

data/lib/scrypt/version.rb

@@ -1,3 +1,3 @@
 module SCrypt
-  VERSION = "1.0.0"
+  VERSION = "1.0.1"
 end

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: scrypt
 version: !ruby/object:Gem::Version 
-  hash: 23
+  hash: 21
   prerelease: false
   segments: 
   - 1
   - 0
-  - 0
-  version: 1.0.0
+  - 1
+  version: 1.0.1
 platform: ruby
 authors: 
 - Patrick Hogan
@@ -47,7 +47,6 @@ files:
 - ext/mri/memlimit.h
 - ext/mri/scrypt_calibrate.c
 - ext/mri/scrypt_calibrate.h
-- ext/mri/scrypt_ext.bundle
 - ext/mri/scrypt_ext.c
 - ext/mri/scrypt_platform.h
 - ext/mri/scryptenc_cpuperf.c