scrypt 3.0.6 → 3.0.7

data/lib/scrypt/errors.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+module SCrypt
+  module Errors
+    # The salt parameter provided is invalid.
+    class InvalidSalt   < StandardError; end
+
+    # The hash parameter provided is invalid.
+    class InvalidHash   < StandardError; end
+
+    # The secret parameter provided is invalid.
+    class InvalidSecret < StandardError; end
+  end
+end

data/lib/scrypt/password.rb

@@ -0,0 +1,97 @@
+# frozen_string_literal: true
+
+module SCrypt
+  # A password management class which allows you to safely store users' passwords and compare them.
+  #
+  # Example usage:
+  #
+  #   include "scrypt"
+  #
+  #   # hash a user's password
+  #   @password = Password.create("my grand secret")
+  #   @password #=> "2000$8$1$f5f2fa5fe5484a7091f1299768fbe92b5a7fbc77$6a385f22c54d92c314b71a4fd5ef33967c93d679"
+  #
+  #   # store it safely
+  #   @user.update_attribute(:password, @password)
+  #
+  #   # read it back
+  #   @user.reload!
+  #   @db_password = Password.new(@user.password)
+  #
+  #   # compare it after retrieval
+  #   @db_password == "my grand secret" #=> true
+  #   @db_password == "a paltry guess"  #=> false
+  #
+  class Password < String
+    # The hash portion of the stored password hash.
+    attr_reader :digest
+    # The salt of the store password hash
+    attr_reader :salt
+    # The cost factor used to create the hash.
+    attr_reader :cost
+
+    class << self
+      # Hashes a secret, returning a SCrypt::Password instance.
+      # Takes five options (optional), which will determine the salt/key's length and the cost limits of the computation.
+      # <tt>:key_len</tt> specifies the length in bytes of the key you want to generate. The default is 32 bytes (256 bits). Minimum is 16 bytes (128 bits). Maximum is 512 bytes (4096 bits).
+      # <tt>:salt_size</tt> specifies the size in bytes of the random salt you want to generate. The default and minimum is 8 bytes (64 bits). Maximum is 32 bytes (256 bits).
+      # <tt>:max_time</tt> specifies the maximum number of seconds the computation should take.
+      # <tt>:max_mem</tt> specifies the maximum number of bytes the computation should take. A value of 0 specifies no upper limit. The minimum is always 1 MB.
+      # <tt>:max_memfrac</tt> specifies the maximum memory in a fraction of available resources to use. Any value equal to 0 or greater than 0.5 will result in 0.5 being used.
+      # The scrypt key derivation function is designed to be far more secure against hardware brute-force attacks than alternative functions such as PBKDF2 or bcrypt.
+      # The designers of scrypt estimate that on modern (2009) hardware, if 5 seconds are spent computing a derived key, the cost of a hardware brute-force attack against scrypt is roughly 4000 times greater than the cost of a similar attack against bcrypt (to find the same password), and 20000 times greater than a similar attack against PBKDF2.
+      # Default options will result in calculation time of approx. 200 ms with 1 MB memory use.
+      #
+      # Example:
+      #   @password = SCrypt::Password.create("my secret", :max_time => 0.25)
+      #
+      def create(secret, options = {})
+        options = SCrypt::Engine::DEFAULTS.merge(options)
+
+        # Clamp minimum/maximum keylen
+        options[:key_len] = 16 if options[:key_len] < 16
+        options[:key_len] = 512 if options[:key_len] > 512
+
+        # Clamp minimum/maximum salt_size
+        options[:salt_size] = 8 if options[:salt_size] < 8
+        options[:salt_size] = 32 if options[:salt_size] > 32
+
+        salt = SCrypt::Engine.generate_salt(options)
+        hash = SCrypt::Engine.hash_secret(secret, salt, options[:key_len])
+
+        Password.new(hash)
+      end
+    end
+
+    # Initializes a SCrypt::Password instance with the data from a stored hash.
+    def initialize(raw_hash)
+      raise Errors::InvalidHash, 'invalid hash' unless valid_hash?(raw_hash)
+
+      replace(raw_hash)
+
+      @cost, @salt, @digest = split_hash(to_s)
+    end
+
+    # Compares a potential secret against the hash. Returns true if the secret is the original secret, false otherwise.
+    def ==(other)
+      SecurityUtils.secure_compare(self, SCrypt::Engine.hash_secret(other, @cost + @salt, digest.length / 2))
+    end
+    alias is_password? ==
+
+    private
+
+    # Returns true if +h+ is a valid hash.
+    def valid_hash?(h)
+      h.match(/^[0-9a-z]+\$[0-9a-z]+\$[0-9a-z]+\$[A-Za-z0-9]{16,64}\$[A-Za-z0-9]{32,1024}$/) != nil
+    end
+
+    # call-seq:
+    #   split_hash(raw_hash) -> cost, salt, hash
+    #
+    # Splits +h+ into cost, salt, and hash and returns them in that order.
+    def split_hash(h)
+      n, v, r, salt, hash = h.split('$')
+      [[n, v, r].join('$') + '$', salt, hash]
+    end
+  end
+end

data/lib/scrypt/scrypt_ext.rb

@@ -1,9 +1,12 @@
+# frozen_string_literal: true
+
 require 'ffi'
 require 'ffi-compiler/loader'
 
 module SCrypt
   module Ext
     extend FFI::Library
+
     ffi_lib FFI::Compiler::Loader.find('scrypt_ext')
   end
 end

data/lib/scrypt/security_utils.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # NOTE:: a verbatim copy of https://github.com/rails/rails/blob/c8c660002f4b0e9606de96325f20b95248b6ff2d/activesupport/lib/active_support/security_utils.rb
 # Please see the Rails license: https://github.com/rails/rails/blob/master/activesupport/MIT-LICENSE
 
@@ -9,15 +11,14 @@ module SCrypt
     # that have already been processed by HMAC. This should not be used
     # on variable length plaintext strings because it could leak length info
     # via timing attacks.
-    def secure_compare(a, b)
+    def self.secure_compare(a, b)
       return false unless a.bytesize == b.bytesize
 
       l = a.unpack "C#{a.bytesize}"
 
       res = 0
       b.each_byte { |byte| res |= byte ^ l.shift }
-      res == 0
+      res.zero?
     end
-    module_function :secure_compare
   end
 end

data/lib/scrypt/version.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module SCrypt
-  VERSION = "3.0.6"
+  VERSION = '3.0.7'
 end

data/scrypt.gemspec

@@ -1,37 +1,55 @@
-# -*- encoding: utf-8 -*-
+# frozen_string_literal: true
+
+# rubocop:disable Performance/EndWith, Style/SpecialGlobalVars
+
 $:.push File.expand_path("../lib", __FILE__)
-require "scrypt/version"
+require 'scrypt/version'
 
 Gem::Specification.new do |s|
-  s.name        = "scrypt"
+  s.name        = 'scrypt'
   s.version     = SCrypt::VERSION
-  s.authors     = ["Patrick Hogan", "Stephen von Takach", "Rene van Paassen" ]
-  s.email       = ["pbhogan@gmail.com", "steve@advancedcontrol.com.au",
-                   "rene.vanpaassen@gmail.com" ]
-  s.cert_chain  = ['certs/pbhogan.pem']
+  s.authors     = ['Patrick Hogan',
+                   'Stephen von Takach',
+                   'Rene van Paassen',
+                   'Johanns Gregorian']
+  s.email       = ['pbhogan@gmail.com',
+                   'steve@advancedcontrol.com.au',
+                   'rene.vanpaassen@gmail.com',
+                   'io+scrypt@jsg.io']
+  s.cert_chain  = ['certs/stakach.pem']
   s.license     = 'BSD-3-Clause'
-  s.signing_key = File.expand_path("~/.ssh/gem-private_key.pem") if $0 =~ /gem\z/
-  s.homepage    = "https://github.com/pbhogan/scrypt"
-  s.summary     = "scrypt password hashing algorithm."
-  s.description = <<-EOF
+
+  s.signing_key = File.expand_path('~/.ssh/gem-private_key.pem') if $0 =~ /gem\z/
+
+  s.homepage    = 'https://github.com/pbhogan/scrypt'
+  s.summary     = 'scrypt password hashing algorithm.'
+
+  s.description = <<-DESC
     The scrypt key derivation function is designed to be far
     more secure against hardware brute-force attacks than
     alternative functions such as PBKDF2 or bcrypt.
-  EOF
+  DESC
 
   s.add_dependency 'ffi-compiler', '>= 1.0', '< 2.0'
+  s.add_development_dependency 'awesome_print', '>= 1', '< 2'
   s.add_development_dependency 'rake', '>= 9', '< 13'
-  s.add_development_dependency 'rspec', '>= 3', '< 4'
   s.add_development_dependency 'rdoc', '>= 4', '< 5'
-  s.add_development_dependency 'awesome_print', '>= 1', '< 2'
+  s.add_development_dependency 'rspec', '>= 3', '< 4'
+
+  if RUBY_VERSION >= '2.5'
+    s.add_development_dependency 'rubocop', '>= 0.76.0', '< 1.0.0'
+    s.add_development_dependency 'rubocop-gitlab-security', '>= 0.1.1', '< 0.2'
+    s.add_development_dependency 'rubocop-performance', '>= 1.5.0', '< 1.6.0'
+  end
 
-  s.rubyforge_project = "scrypt"
+  s.rubyforge_project = 'scrypt'
 
-  s.extensions = ["ext/scrypt/Rakefile"]
+  s.extensions = ['ext/scrypt/Rakefile']
 
-  s.files = %w(Rakefile scrypt.gemspec README.md COPYING) + Dir.glob("{lib,spec,autotest}/**/*")
-  s.files += Dir.glob("ext/scrypt/*")
-  s.test_files = Dir.glob("spec/**/*")
-  s.require_paths = ["lib"]
+  s.files = %w[Rakefile scrypt.gemspec README.md COPYING] + Dir.glob('{lib,spec,autotest}/**/*')
+  s.files += Dir.glob('ext/scrypt/*')
+  s.test_files = Dir.glob('spec/**/*')
+  s.require_paths = ['lib']
 end
 
+# rubocop:enable

data/spec/scrypt/engine_spec.rb

@@ -1,84 +1,81 @@
-require File.expand_path(File.join(File.dirname(__FILE__), "..", "spec_helper"))
+# frozen_string_literal: true
 
-describe "The SCrypt engine" do
-  it "should calculate a valid cost factor" do
-    first = SCrypt::Engine.calibrate(:max_time => 0.2)
+require File.expand_path(File.join(File.dirname(__FILE__), '..', 'spec_helper'))
+
+describe 'The SCrypt engine' do
+  it 'should calculate a valid cost factor' do
+    first = SCrypt::Engine.calibrate(max_time: 0.2)
     expect(SCrypt::Engine.valid_cost?(first)).to equal(true)
   end
 end
 
-
-describe "Generating SCrypt salts" do
-  it "should produce strings" do
+describe 'Generating SCrypt salts' do
+  it 'should produce strings' do
     expect(SCrypt::Engine.generate_salt).to be_an_instance_of(String)
   end
 
-  it "should produce random data" do
+  it 'should produce random data' do
     expect(SCrypt::Engine.generate_salt).not_to equal(SCrypt::Engine.generate_salt)
   end
 
-  it "should used the saved cost factor" do
+  it 'should used the saved cost factor' do
     # Verify cost is different before saving
-    cost = SCrypt::Engine.calibrate(:max_time => 0.01)
-    expect(SCrypt::Engine.generate_salt(:max_time => 30, :max_mem => 64*1024*1024)).not_to start_with(cost)
+    cost = SCrypt::Engine.calibrate(max_time: 0.01)
+    expect(SCrypt::Engine.generate_salt(max_time: 30, max_mem: 64 * 1024 * 1024)).not_to start_with(cost)
 
-    cost = SCrypt::Engine.calibrate!(:max_time => 0.01)
-    expect(SCrypt::Engine.generate_salt(:max_time => 30, :max_mem => 64*1024*1024)).to start_with(cost)
+    cost = SCrypt::Engine.calibrate!(max_time: 0.01)
+    expect(SCrypt::Engine.generate_salt(max_time: 30, max_mem: 64 * 1024 * 1024)).to start_with(cost)
   end
 end
 
-
-describe "Autodetecting of salt cost" do
-  it "should work" do
-    expect(SCrypt::Engine.autodetect_cost("2a$08$c3$randomjunkgoeshere")).to eq("2a$08$c3$")
+describe 'Autodetecting of salt cost' do
+  it 'should work' do
+    expect(SCrypt::Engine.autodetect_cost('2a$08$c3$randomjunkgoeshere')).to eq('2a$08$c3$')
   end
 end
 
-
-describe "Generating SCrypt hashes" do
-
+describe 'Generating SCrypt hashes' do
   class MyInvalidSecret
     undef to_s
   end
 
   before :each do
     @salt = SCrypt::Engine.generate_salt
-    @password = "woo"
+    @password = 'woo'
   end
 
-  it "should produce a string" do
+  it 'should produce a string' do
     expect(SCrypt::Engine.hash_secret(@password, @salt)).to be_an_instance_of(String)
   end
 
-  it "should raise an InvalidSalt error if the salt is invalid" do
-    expect(lambda { SCrypt::Engine.hash_secret(@password, 'nino') }).to raise_error(SCrypt::Errors::InvalidSalt)
+  it 'should raise an InvalidSalt error if the salt is invalid' do
+    expect(-> { SCrypt::Engine.hash_secret(@password, 'nino') }).to raise_error(SCrypt::Errors::InvalidSalt)
   end
 
-  it "should raise an InvalidSecret error if the secret is invalid" do
-    expect(lambda { SCrypt::Engine.hash_secret(MyInvalidSecret.new, @salt) }).to raise_error(SCrypt::Errors::InvalidSecret)
-    expect(lambda { SCrypt::Engine.hash_secret(nil, @salt) }).to_not raise_error
-    expect(lambda { SCrypt::Engine.hash_secret(false, @salt) }).to_not raise_error
+  it 'should raise an InvalidSecret error if the secret is invalid' do
+    expect(-> { SCrypt::Engine.hash_secret(MyInvalidSecret.new, @salt) }).to raise_error(SCrypt::Errors::InvalidSecret)
+    expect(-> { SCrypt::Engine.hash_secret(nil, @salt) }).to_not raise_error
+    expect(-> { SCrypt::Engine.hash_secret(false, @salt) }).to_not raise_error
   end
 
-  it "should call #to_s on the secret and use the return value as the actual secret data" do
-    expect(SCrypt::Engine.hash_secret(false, @salt)).to eq(SCrypt::Engine.hash_secret("false", @salt))
+  it 'should call #to_s on the secret and use the return value as the actual secret data' do
+    expect(SCrypt::Engine.hash_secret(false, @salt)).to eq(SCrypt::Engine.hash_secret('false', @salt))
   end
 end
 
-describe "SCrypt test vectors" do
-  it "should match results of SCrypt function" do
-        
+describe 'SCrypt test vectors' do
+  it 'should match results of SCrypt function' do
     expect(SCrypt::Engine.scrypt('', '', 16, 1, 1, 64).unpack('H*').first).to eq('77d6576238657b203b19ca42c18a0497f16b4844e3074ae8dfdffa3fede21442fcd0069ded0948f8326a753a0fc81f17e8d3e0fb2e0d3628cf35e20c38d18906')
     expect(SCrypt::Engine.scrypt('password', 'NaCl', 1024, 8, 16, 64).unpack('H*').first).to eq('fdbabe1c9d3472007856e7190d01e9fe7c6ad7cbc8237830e77376634b3731622eaf30d92e22a3886ff109279d9830dac727afb94a83ee6d8360cbdfa2cc0640')
-    expect(SCrypt::Engine.scrypt('pleaseletmein', 'SodiumChloride', 16384, 8, 1, 64).unpack('H*').first).to eq('7023bdcb3afd7348461c06cd81fd38ebfda8fbba904f8e3ea9b543f6545da1f2d5432955613f0fcf62d49705242a9af9e61e85dc0d651e40dfcf017b45575887')
+    expect(SCrypt::Engine.scrypt('pleaseletmein', 'SodiumChloride', 16_384, 8, 1, 64).unpack('H*').first).to eq('7023bdcb3afd7348461c06cd81fd38ebfda8fbba904f8e3ea9b543f6545da1f2d5432955613f0fcf62d49705242a9af9e61e85dc0d651e40dfcf017b45575887')
     # Raspberry is memory limited, and fails on this test
- #   expect(SCrypt::Engine.scrypt('pleaseletmein', 'SodiumChloride', 1048576, 8, 1, 64).unpack('H*').first).to eq('2101cb9b6a511aaeaddbbe09cf70f881ec568d574a2ffd4dabe5ee9820adaa478e56fd8f4ba5d09ffa1c6d927c40f4c337304049e8a952fbcbf45c6fa77a41a4')
+    #   expect(SCrypt::Engine.scrypt('pleaseletmein', 'SodiumChloride', 1048576, 8, 1, 64).unpack('H*').first).to eq('2101cb9b6a511aaeaddbbe09cf70f881ec568d574a2ffd4dabe5ee9820adaa478e56fd8f4ba5d09ffa1c6d927c40f4c337304049e8a952fbcbf45c6fa77a41a4')
   end
 
-  it "should match equivalent results sent through hash_secret() function" do
+  it 'should match equivalent results sent through hash_secret() function' do
     expect(SCrypt::Engine.hash_secret('', '10$1$1$0000000000000000', 64)).to match(/\$77d6576238657b203b19ca42c18a0497f16b4844e3074ae8dfdffa3fede21442fcd0069ded0948f8326a753a0fc81f17e8d3e0fb2e0d3628cf35e20c38d18906$/)
     expect(SCrypt::Engine.hash_secret('password', '400$8$10$000000004e61436c', 64)).to match(/\$fdbabe1c9d3472007856e7190d01e9fe7c6ad7cbc8237830e77376634b3731622eaf30d92e22a3886ff109279d9830dac727afb94a83ee6d8360cbdfa2cc0640$/)
     expect(SCrypt::Engine.hash_secret('pleaseletmein', '4000$8$1$536f6469756d43686c6f72696465', 64)).to match(/\$7023bdcb3afd7348461c06cd81fd38ebfda8fbba904f8e3ea9b543f6545da1f2d5432955613f0fcf62d49705242a9af9e61e85dc0d651e40dfcf017b45575887$/)
-  #  expect(SCrypt::Engine.hash_secret('pleaseletmein', '100000$8$1$536f6469756d43686c6f72696465', 64)).to match(/\$2101cb9b6a511aaeaddbbe09cf70f881ec568d574a2ffd4dabe5ee9820adaa478e56fd8f4ba5d09ffa1c6d927c40f4c337304049e8a952fbcbf45c6fa77a41a4$/)
+    #  expect(SCrypt::Engine.hash_secret('pleaseletmein', '100000$8$1$536f6469756d43686c6f72696465', 64)).to match(/\$2101cb9b6a511aaeaddbbe09cf70f881ec568d574a2ffd4dabe5ee9820adaa478e56fd8f4ba5d09ffa1c6d927c40f4c337304049e8a952fbcbf45c6fa77a41a4$/)
   end
 end

data/spec/scrypt/password_spec.rb

@@ -1,137 +1,135 @@
-require File.expand_path(File.join(File.dirname(__FILE__), "..", "spec_helper"))
+# frozen_string_literal: true
 
-describe "Creating a hashed password" do
+require File.expand_path(File.join(File.dirname(__FILE__), '..', 'spec_helper'))
+
+describe 'Creating a hashed password' do
   before :each do
-    @password = SCrypt::Password.create("s3cr3t", :max_time => 0.25)
+    @password = SCrypt::Password.create('s3cr3t', max_time: 0.25)
   end
 
-  it "should return a SCrypt::Password" do
+  it 'should return a SCrypt::Password' do
     expect(@password).to be_an_instance_of(SCrypt::Password)
   end
 
-  it "should return a valid password" do
-    expect(lambda { SCrypt::Password.new(@password) }).to_not raise_error
+  it 'should return a valid password' do
+    expect(-> { SCrypt::Password.new(@password) }).to_not raise_error
   end
 
-  it "should behave normally if the secret is not a string" do
-    expect(lambda { SCrypt::Password.create(nil) }).to_not raise_error
-    expect(lambda { SCrypt::Password.create({:woo => "yeah"}) }).to_not raise_error
-    expect(lambda { SCrypt::Password.create(false) }).to_not raise_error
+  it 'should behave normally if the secret is not a string' do
+    expect(-> { SCrypt::Password.create(nil) }).to_not raise_error
+    expect(-> { SCrypt::Password.create(woo: 'yeah') }).to_not raise_error
+    expect(-> { SCrypt::Password.create(false) }).to_not raise_error
   end
 
-  it "should tolerate empty string secrets" do
-    expect(lambda { SCrypt::Password.create( "\n".chop  ) }).to_not raise_error
-    expect(lambda { SCrypt::Password.create( ""         ) }).to_not raise_error
-    expect(lambda { SCrypt::Password.create( String.new ) }).to_not raise_error
+  it 'should tolerate empty string secrets' do
+    expect(-> { SCrypt::Password.create("\n".chop) }).to_not raise_error
+    expect(-> { SCrypt::Password.create('') }).to_not raise_error
+    expect(-> { SCrypt::Password.create('') }).to_not raise_error
   end
 end
 
-
-describe "Reading a hashed password" do
+describe 'Reading a hashed password' do
   before :each do
-    @secret = "my secret"
-    @hash = "400$8$d$173a8189751c095a29b933789560b73bf17b2e01$9bf66d74bd6f3ebcf99da3b379b689b89db1cb07"
+    @secret = 'my secret'
+    @hash = '400$8$d$173a8189751c095a29b933789560b73bf17b2e01$9bf66d74bd6f3ebcf99da3b379b689b89db1cb07'
   end
 
-  it "should read the cost, salt, and hash" do
+  it 'should read the cost, salt, and hash' do
     password = SCrypt::Password.new(@hash)
-    expect(password.cost).to eq("400$8$d$")
-    expect(password.salt).to eq("173a8189751c095a29b933789560b73bf17b2e01")
+    expect(password.cost).to eq('400$8$d$')
+    expect(password.salt).to eq('173a8189751c095a29b933789560b73bf17b2e01')
     expect(password.to_s).to eq(@hash)
   end
 
-  it "should raise an InvalidHashError when given an invalid hash" do
-    expect(lambda { SCrypt::Password.new('not a valid hash') }).to raise_error(SCrypt::Errors::InvalidHash)
+  it 'should raise an InvalidHashError when given an invalid hash' do
+    expect(-> { SCrypt::Password.new('not a valid hash') }).to raise_error(SCrypt::Errors::InvalidHash)
   end
 end
 
-describe "Comparing a hashed password with a secret" do
+describe 'Comparing a hashed password with a secret' do
   before :each do
-    @secret = "s3cr3t"
+    @secret = 's3cr3t'
     @password = SCrypt::Password.create(@secret)
   end
 
-  it "should compare successfully to the original secret" do
+  it 'should compare successfully to the original secret' do
     expect((@password == @secret)).to be(true)
   end
 
-  it "should compare unsuccessfully to anything besides original secret" do
-    expect((@password == "@secret")).to be(false)
+  it 'should compare unsuccessfully to anything besides original secret' do
+    expect((@password == '@secret')).to be(false)
   end
-
 end
 
-describe "non-default salt sizes" do
+describe 'non-default salt sizes' do
   before :each do
-    @secret = "s3cret"
+    @secret = 's3cret'
   end
 
-  it "should enforce a minimum salt of 8 bytes" do
-    @password = SCrypt::Password.create(@secret, :salt_size => 7)
+  it 'should enforce a minimum salt of 8 bytes' do
+    @password = SCrypt::Password.create(@secret, salt_size: 7)
     expect(@password.salt.length).to eq(8 * 2)
   end
 
-  it "should allow a salt of 32 bytes" do
-    @password = SCrypt::Password.create(@secret, :salt_size => 32)
+  it 'should allow a salt of 32 bytes' do
+    @password = SCrypt::Password.create(@secret, salt_size: 32)
     expect(@password.salt.length).to eq(32 * 2)
   end
 
-  it "should enforce a maximum salt of 32 bytes" do
-    @password = SCrypt::Password.create(@secret, :salt_size => 33)
+  it 'should enforce a maximum salt of 32 bytes' do
+    @password = SCrypt::Password.create(@secret, salt_size: 33)
     expect(@password.salt.length).to eq(32 * 2)
   end
 
-  it "should pad a 20-byte salt to not look like a 20-byte SHA1" do
-    @password = SCrypt::Password.create(@secret, :salt_size => 20)
+  it 'should pad a 20-byte salt to not look like a 20-byte SHA1' do
+    @password = SCrypt::Password.create(@secret, salt_size: 20)
     expect(@password.salt.length).to eq(41)
   end
 
-  it "should properly compare a non-standard salt hash" do
-    @password = SCrypt::Password.create(@secret, :salt_size => 20)
+  it 'should properly compare a non-standard salt hash' do
+    @password = SCrypt::Password.create(@secret, salt_size: 20)
     expect((SCrypt::Password.new(@password.to_s) == @secret)).to be(true)
   end
-
 end
 
-describe "non-default key lengths" do
+describe 'non-default key lengths' do
   before :each do
-    @secret = "s3cret"
+    @secret = 's3cret'
   end
 
-  it "should enforce a minimum keylength of 16 bytes" do
-    @password = SCrypt::Password.create(@secret, :key_len => 15)
+  it 'should enforce a minimum keylength of 16 bytes' do
+    @password = SCrypt::Password.create(@secret, key_len: 15)
     expect(@password.digest.length).to eq(16 * 2)
   end
 
-  it "should allow a keylength of 512 bytes" do
-    @password = SCrypt::Password.create(@secret, :key_len => 512)
+  it 'should allow a keylength of 512 bytes' do
+    @password = SCrypt::Password.create(@secret, key_len: 512)
     expect(@password.digest.length).to eq(512 * 2)
   end
 
-  it "should enforce a maximum keylength of 512 bytes" do
-    @password = SCrypt::Password.create(@secret, :key_len => 513)
+  it 'should enforce a maximum keylength of 512 bytes' do
+    @password = SCrypt::Password.create(@secret, key_len: 513)
     expect(@password.digest.length).to eq(512 * 2)
   end
 
-  it "should properly compare a non-standard hash" do
-    @password = SCrypt::Password.create(@secret, :key_len => 512)
+  it 'should properly compare a non-standard hash' do
+    @password = SCrypt::Password.create(@secret, key_len: 512)
     expect((SCrypt::Password.new(@password.to_s) == @secret)).to be(true)
   end
-
 end
 
-describe "Old-style hashes" do
+describe 'Old-style hashes' do
   before :each do
-    @secret = "my secret"
-    @hash = "400$8$d$173a8189751c095a29b933789560b73bf17b2e01$9bf66d74bd6f3ebcf99da3b379b689b89db1cb07"
+    @secret = 'my secret'
+    @hash = '400$8$d$173a8189751c095a29b933789560b73bf17b2e01$9bf66d74bd6f3ebcf99da3b379b689b89db1cb07'
   end
 
-  it "should compare successfully" do
+  it 'should compare successfully' do
     expect((SCrypt::Password.new(@hash) == @secret)).to be(true)
   end
 end
 
-describe "Respecting standard ruby behaviors" do
+describe 'Respecting standard ruby behaviors' do
   it 'should hash as an integer' do
     password = SCrypt::Password.create('')
     expect(password.hash).to be_kind_of(Integer)