RubyGems - scrypt - Versions diffs - 1.0.3 → 1.0.4 - Mend

scrypt 1.0.3 → 1.0.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

data/Gemfile.lock CHANGED Viewed

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    scrypt (1.0.3)
+    scrypt (1.0.4)
 GEM
   remote: http://rubygems.org/

data/README.md ADDED Viewed

@@ -0,0 +1,50 @@
+scrypt
+======
+The scrypt key derivation function is designed to be far more secure against hardware brute-force attacks than alternative functions such as PBKDF2 or bcrypt.
+* http://www.tarsnap.com/scrypt.html
+* http://github.com/pbhogan/scrypt
+## Why you should use scrypt
+![KDF comparison](https://github.com/tarcieri/scrypt/raw/modern-readme/kdf-comparison.png)
+The designers of scrypt estimate that on modern (2009) hardware, if 5 seconds are spent computing a derived key, the cost of a hardware brute-force attack against scrypt is roughly 4000 times greater than the cost of a similar attack against bcrypt (to find the same password), and 20000 times greater than a similar attack against PBKDF2.
+## How to install scrypt
+```
+gem install scrypt
+```
+## How to use scrypt
+It works pretty similarly to ruby-bcrypt with a few minor differences, especially where the cost factor is concerned.
+```ruby
+include "scrypt"
+# hash a user's password
+@password = Password.create("my grand secret")
+@password #=> "2000$8$1$f5f2fa5fe5484a7091f1299768fbe92b5a7fbc77$6a385f22c54d92c314b71a4fd5ef33967c93d679"
+# store it safely
+@user.update_attribute(:password, @password)
+# read it back
+@user.reload!
+@db_password = Password.new(@user.password)
+# compare it after retrieval
+@db_password == "my grand secret" #=> true
+@db_password == "a paltry guess"  #=> false
+```
+Password.create takes three options which will determine the cost limits of the computation:
+* `:max_time` specifies the maximum number of seconds the computation should take.
+* `:max_mem` specifies the maximum number of bytes the computation should take. A value of 0 specifies no upper limit. The minimum is always 1 MB.
+* `:max_memfrac` specifies the maximum memory in a fraction of available resources to use. Any value equal to 0 or greater than 0.5 will result in 0.5 being used.
+Default options will result in calculation time of approx. 200 ms with 1 MB memory use.

data/ext/mri/Makefile CHANGED Viewed

@@ -1,70 +1,97 @@
 SHELL = /bin/sh
+# V=0 quiet, V=1 verbose.  other values don't work.
+V = 0
+Q1 = $(V:1=)
+Q = $(Q1:0=@)
+n=$(NULLCMD)
+ECHO1 = $(V:1=@$n)
+ECHO = $(ECHO1:0=@echo)
 #### Start of system configuration section. ####
 srcdir = .
-topdir = /Users/pbhogan/.rvm/rubies/ree-1.8.7-2010.02/lib/ruby/1.8/i686-darwin10.4.0
-hdrdir = $(topdir)
-VPATH = $(srcdir):$(topdir):$(hdrdir)
+topdir = /Volumes/Secondary/Users/pbhogan/.rvm/rubies/ruby-1.9.3-p125/include/ruby-1.9.1
+hdrdir = /Volumes/Secondary/Users/pbhogan/.rvm/rubies/ruby-1.9.3-p125/include/ruby-1.9.1
+arch_hdrdir = /Volumes/Secondary/Users/pbhogan/.rvm/rubies/ruby-1.9.3-p125/include/ruby-1.9.1/$(arch)
+VPATH = $(srcdir):$(arch_hdrdir)/ruby:$(hdrdir)/ruby
+prefix = $(DESTDIR)/Volumes/Secondary/Users/pbhogan/.rvm/rubies/ruby-1.9.3-p125
+rubylibprefix = $(libdir)/$(RUBY_BASE_NAME)
 exec_prefix = $(prefix)
-prefix = $(DESTDIR)/Users/pbhogan/.rvm/rubies/ree-1.8.7-2010.02
-sharedstatedir = $(prefix)/com
+vendorhdrdir = $(rubyhdrdir)/vendor_ruby
+sitehdrdir = $(rubyhdrdir)/site_ruby
+rubyhdrdir = $(includedir)/$(RUBY_BASE_NAME)-$(ruby_version)
+vendordir = $(rubylibprefix)/vendor_ruby
+sitedir = $(rubylibprefix)/site_ruby
+ridir = $(datarootdir)/$(RI_BASE_NAME)
 mandir = $(datarootdir)/man
-psdir = $(docdir)
-oldincludedir = $(DESTDIR)/usr/include
 localedir = $(datarootdir)/locale
-bindir = $(exec_prefix)/bin
-libexecdir = $(exec_prefix)/libexec
-sitedir = $(libdir)/ruby/site_ruby
+libdir = $(exec_prefix)/lib
+psdir = $(docdir)
+pdfdir = $(docdir)
+dvidir = $(docdir)
 htmldir = $(docdir)
-vendorarchdir = $(vendorlibdir)/$(sitearch)
-includedir = $(prefix)/include
 infodir = $(datarootdir)/info
-vendorlibdir = $(vendordir)/$(ruby_version)
-sysconfdir = $(prefix)/etc
-libdir = $(exec_prefix)/lib
-sbindir = $(exec_prefix)/sbin
-rubylibdir = $(libdir)/ruby/$(ruby_version)
 docdir = $(datarootdir)/doc/$(PACKAGE)
-dvidir = $(docdir)
-vendordir = $(libdir)/ruby/vendor_ruby
+oldincludedir = $(DESTDIR)/usr/include
+includedir = $(prefix)/include
+localstatedir = $(prefix)/var
+sharedstatedir = $(prefix)/com
+sysconfdir = $(prefix)/etc
+datadir = $(datarootdir)
 datarootdir = $(prefix)/share
-pdfdir = $(docdir)
+libexecdir = $(exec_prefix)/libexec
+sbindir = $(exec_prefix)/sbin
+bindir = $(exec_prefix)/bin
+rubylibdir = $(rubylibprefix)/$(ruby_version)
 archdir = $(rubylibdir)/$(arch)
-sitearchdir = $(sitelibdir)/$(sitearch)
-datadir = $(datarootdir)
-localstatedir = $(prefix)/var
 sitelibdir = $(sitedir)/$(ruby_version)
+sitearchdir = $(sitelibdir)/$(sitearch)
+vendorlibdir = $(vendordir)/$(ruby_version)
+vendorarchdir = $(vendorlibdir)/$(sitearch)
+NULLCMD = :
-CC = gcc -Wall
-LIBRUBY = $(LIBRUBY_A)
+CC = /usr/bin/gcc-4.2 -Wall
+CXX = g++-4.2
+LIBRUBY = $(LIBRUBY_SO)
 LIBRUBY_A = lib$(RUBY_SO_NAME)-static.a
-LIBRUBYARG_SHARED =
+LIBRUBYARG_SHARED = -l$(RUBY_SO_NAME)
 LIBRUBYARG_STATIC = -l$(RUBY_SO_NAME)-static
+OUTFLAG = -o
+COUTFLAG = -o
 RUBY_EXTCONF_H =
-CFLAGS   =  -fno-common -g -O2  -pipe -fno-common $(cflags)
-INCFLAGS = -I. -I$(topdir) -I$(hdrdir) -I$(srcdir)
+cflags   =  $(optflags) $(debugflags) $(warnflags)
+optflags = -O3
+debugflags = -g
+warnflags = -Wextra -Wno-unused-parameter -Wno-parentheses -Wno-long-long -Wno-missing-field-initializers -Wpointer-arith -Wwrite-strings -Wdeclaration-after-statement -Wshorten-64-to-32 -Wimplicit-function-declaration
+CFLAGS   = -fno-common $(cflags)  -fno-common -pipe $(ARCH_FLAG)
+INCFLAGS = -I. -I$(arch_hdrdir) -I$(hdrdir)/ruby/backward -I$(hdrdir) -I$(srcdir)
 DEFS     =
-CPPFLAGS =   -D_XOPEN_SOURCE -D_DARWIN_C_SOURCE $(DEFS) $(cppflags)
-CXXFLAGS = $(CFLAGS)
-ldflags  = -L.
-dldflags =
-archflag =
-DLDFLAGS = $(ldflags) $(dldflags) $(archflag)
-LDSHARED = cc -dynamic -bundle -undefined suppress -flat_namespace
+CPPFLAGS =  -I/Volumes/Secondary/Users/pbhogan/.rvm/usr/include -D_XOPEN_SOURCE -D_DARWIN_C_SOURCE $(DEFS) $(cppflags)
+CXXFLAGS = $(CFLAGS) $(cxxflags)
+ldflags  = -L. -L/usr/local/lib
+dldflags = -Wl,-undefined,dynamic_lookup -Wl,-multiply_defined,suppress -Wl,-flat_namespace
+ARCH_FLAG =
+DLDFLAGS = $(ldflags) $(dldflags) $(ARCH_FLAG)
+LDSHARED = $(CC) -dynamic -bundle
+LDSHAREDXX = $(CXX) -dynamic -bundle
 AR = ar
 EXEEXT =
+RUBY_BASE_NAME = ruby
 RUBY_INSTALL_NAME = ruby
-RUBY_SO_NAME = ruby
-arch = i686-darwin10.4.0
-sitearch = i686-darwin10.4.0
-ruby_version = 1.8
-ruby = /Users/pbhogan/.rvm/rubies/ree-1.8.7-2010.02/bin/ruby
+RUBY_SO_NAME = ruby.1.9.1
+arch = x86_64-darwin11.3.0
+sitearch = $(arch)
+ruby_version = 1.9.1
+ruby = /Volumes/Secondary/Users/pbhogan/.rvm/rubies/ruby-1.9.3-p125/bin/ruby
 RUBY = $(ruby)
 RM = rm -f
+RM_RF = $(RUBY) -run -e rm -- -rf
+RMDIRS = rmdir -p
 MAKEDIRS = mkdir -p
 INSTALL = /usr/bin/install -c
 INSTALL_PROG = $(INSTALL) -m 0755
@@ -75,18 +102,19 @@ COPY = cp
 preload =
-libpath = . $(libdir)
-LIBPATH =  -L. -L$(libdir)
+libpath = . $(libdir) /Volumes/Secondary/Users/pbhogan/.rvm/usr/lib
+LIBPATH =  -L. -L$(libdir) -L/Volumes/Secondary/Users/pbhogan/.rvm/usr/lib
 DEFFILE =
 CLEANFILES = mkmf.log
 DISTCLEANFILES =
+DISTCLEANDIRS =
 extout =
 extout_prefix =
 target_prefix =
 LOCAL_LIBS =
-LIBS =   -ldl -lobjc
+LIBS = $(LIBRUBYARG_SHARED)  -lpthread -ldl -lobjc
 SRCS = crypto_scrypt-ref.c memlimit.c scrypt_calibrate.c scrypt_ext.c scryptenc_cpuperf.c sha256.c
 OBJS = crypto_scrypt-ref.o memlimit.o scrypt_calibrate.o scrypt_ext.o scryptenc_cpuperf.o sha256.o
 TARGET = scrypt_ext
@@ -98,60 +126,88 @@ BINDIR        = $(bindir)
 RUBYCOMMONDIR = $(sitedir)$(target_prefix)
 RUBYLIBDIR    = $(sitelibdir)$(target_prefix)
 RUBYARCHDIR   = $(sitearchdir)$(target_prefix)
+HDRDIR        = $(rubyhdrdir)/ruby$(target_prefix)
+ARCHHDRDIR    = $(rubyhdrdir)/$(arch)/ruby$(target_prefix)
 TARGET_SO     = $(DLLIB)
-CLEANLIBS     = $(TARGET).bundle $(TARGET).il? $(TARGET).tds $(TARGET).map
-CLEANOBJS     = *.o *.a *.s[ol] *.pdb *.exp *.bak
-all:		$(DLLIB)
-static:		$(STATIC_LIB)
-clean:
+CLEANLIBS     = $(TARGET).bundle
+CLEANOBJS     = *.o  *.bak
+all:    $(DLLIB)
+static: $(STATIC_LIB)
+.PHONY: all install static install-so install-rb
+.PHONY: clean clean-so clean-rb
+clean-rb-default::
+clean-rb::
+clean-so::
+clean: clean-so clean-rb-default clean-rb
 		@-$(RM) $(CLEANLIBS) $(CLEANOBJS) $(CLEANFILES)
-distclean:	clean
+distclean-rb-default::
+distclean-rb::
+distclean-so::
+distclean: clean distclean-so distclean-rb-default distclean-rb
 		@-$(RM) Makefile $(RUBY_EXTCONF_H) conftest.* mkmf.log
 		@-$(RM) core ruby$(EXEEXT) *~ $(DISTCLEANFILES)
+		@-$(RMDIRS) $(DISTCLEANDIRS) 2> /dev/null || true
-realclean:	distclean
+realclean: distclean
 install: install-so install-rb
 install-so: $(RUBYARCHDIR)
 install-so: $(RUBYARCHDIR)/$(DLLIB)
 $(RUBYARCHDIR)/$(DLLIB): $(DLLIB)
-	$(INSTALL_PROG) $(DLLIB) $(RUBYARCHDIR)
+	@-$(MAKEDIRS) $(@D)
+	$(INSTALL_PROG) $(DLLIB) $(@D)
 install-rb: pre-install-rb install-rb-default
 install-rb-default: pre-install-rb-default
 pre-install-rb: Makefile
 pre-install-rb-default: Makefile
+pre-install-rb-default:
+	$(ECHO) installing default scrypt_ext libraries
 $(RUBYARCHDIR):
-	$(MAKEDIRS) $@
+	$(Q) $(MAKEDIRS) $@
 site-install: site-install-so site-install-rb
 site-install-so: install-so
 site-install-rb: install-rb
-.SUFFIXES: .c .m .cc .cxx .cpp .C .o
+.SUFFIXES: .c .m .cc .mm .cxx .cpp .C .o
 .cc.o:
-	$(CXX) $(INCFLAGS) $(CPPFLAGS) $(CXXFLAGS) -c $<
+	$(ECHO) compiling $(<)
+	$(Q) $(CXX) $(INCFLAGS) $(CPPFLAGS) $(CXXFLAGS) $(COUTFLAG)$@ -c $<
+.mm.o:
+	$(ECHO) compiling $(<)
+	$(Q) $(CXX) $(INCFLAGS) $(CPPFLAGS) $(CXXFLAGS) $(COUTFLAG)$@ -c $<
 .cxx.o:
-	$(CXX) $(INCFLAGS) $(CPPFLAGS) $(CXXFLAGS) -c $<
+	$(ECHO) compiling $(<)
+	$(Q) $(CXX) $(INCFLAGS) $(CPPFLAGS) $(CXXFLAGS) $(COUTFLAG)$@ -c $<
 .cpp.o:
-	$(CXX) $(INCFLAGS) $(CPPFLAGS) $(CXXFLAGS) -c $<
+	$(ECHO) compiling $(<)
+	$(Q) $(CXX) $(INCFLAGS) $(CPPFLAGS) $(CXXFLAGS) $(COUTFLAG)$@ -c $<
 .C.o:
-	$(CXX) $(INCFLAGS) $(CPPFLAGS) $(CXXFLAGS) -c $<
+	$(ECHO) compiling $(<)
+	$(Q) $(CXX) $(INCFLAGS) $(CPPFLAGS) $(CXXFLAGS) $(COUTFLAG)$@ -c $<
 .c.o:
-	$(CC) $(INCFLAGS) $(CPPFLAGS) $(CFLAGS) -c $<
+	$(ECHO) compiling $(<)
+	$(Q) $(CC) $(INCFLAGS) $(CPPFLAGS) $(CFLAGS) $(COUTFLAG)$@ -c $<
+.m.o:
+	$(ECHO) compiling $(<)
+	$(Q) $(CC) $(INCFLAGS) $(CPPFLAGS) $(CFLAGS) $(COUTFLAG)$@ -c $<
 $(DLLIB): $(OBJS) Makefile
-	@-$(RM) $@
-	$(LDSHARED) -o $@ $(OBJS) $(LIBPATH) $(DLDFLAGS) $(LOCAL_LIBS) $(LIBS)
+	$(ECHO) linking shared-object $(DLLIB)
+	@-$(RM) $(@)
+	$(Q) $(LDSHARED) -o $@ $(OBJS) $(LIBPATH) $(DLDFLAGS) $(LOCAL_LIBS) $(LIBS)
-$(OBJS): ruby.h defines.h
+$(OBJS): $(hdrdir)/ruby.h $(hdrdir)/ruby/defines.h $(arch_hdrdir)/ruby/config.h

data/ext/mri/crypto_scrypt-ref.c CHANGED Viewed

@@ -255,7 +255,7 @@ crypto_scrypt(const uint8_t * passwd, size_t passwdlen,
 		goto err2;
 	/* 1: (B_0 ... B_{p-1}) <-- PBKDF2(P, S, 1, p * MFLen) */
-	PBKDF2_SHA256(passwd, passwdlen, salt, saltlen, 1, B, p * 128 * r);
+	PBKDF2_scrypt_SHA256(passwd, passwdlen, salt, saltlen, 1, B, p * 128 * r);
 	/* 2: for i = 0 to p - 1 do */
 	for (i = 0; i < p; i++) {
@@ -264,7 +264,7 @@ crypto_scrypt(const uint8_t * passwd, size_t passwdlen,
 	}
 	/* 5: DK <-- PBKDF2(P, B, 1, dkLen) */
-	PBKDF2_SHA256(passwd, passwdlen, B, p * 128 * r, 1, buf, buflen);
+	PBKDF2_scrypt_SHA256(passwd, passwdlen, B, p * 128 * r, 1, buf, buflen);
 	/* Free memory. */
 	free(V);

data/ext/mri/sha256.c CHANGED Viewed

@@ -60,7 +60,7 @@ be32dec_vect(uint32_t *dst, const unsigned char *src, size_t len)
 		dst[i] = be32dec(src + i * 4);
 }
-/* Elementary functions used by SHA256 */
+/* Elementary functions used by scrypt_SHA256 */
 #define Ch(x, y, z)	((x & (y ^ z)) ^ z)
 #define Maj(x, y, z)	((x & (y | z)) | (y & z))
 #define SHR(x, n)	(x >> n)
@@ -70,7 +70,7 @@ be32dec_vect(uint32_t *dst, const unsigned char *src, size_t len)
 #define s0(x)		(ROTR(x, 7) ^ ROTR(x, 18) ^ SHR(x, 3))
 #define s1(x)		(ROTR(x, 17) ^ ROTR(x, 19) ^ SHR(x, 10))
-/* SHA256 round function */
+/* scrypt_SHA256 round function */
 #define RND(a, b, c, d, e, f, g, h, k)			\
 	t0 = h + S1(e) + Ch(e, f, g) + k;		\
 	t1 = S0(a) + Maj(a, b, c);			\
@@ -86,11 +86,11 @@ be32dec_vect(uint32_t *dst, const unsigned char *src, size_t len)
 	    W[i] + k)
 /*
- * SHA256 block compression function.  The 256-bit state is transformed via
+ * scrypt_SHA256 block compression function.  The 256-bit state is transformed via
  * the 512-bit input block to produce a new state.
  */
 static void
-SHA256_Transform(uint32_t * state, const unsigned char block[64])
+scrypt_SHA256_Transform(uint32_t * state, const unsigned char block[64])
 {
 	uint32_t W[64];
 	uint32_t S[8];
@@ -190,7 +190,7 @@ static unsigned char PAD[64] = {
 /* Add padding and terminating bit-count. */
 static void
-SHA256_Pad(SHA256_CTX * ctx)
+scrypt_SHA256_Pad(scrypt_SHA256_CTX * ctx)
 {
 	unsigned char len[8];
 	uint32_t r, plen;
@@ -204,15 +204,15 @@ SHA256_Pad(SHA256_CTX * ctx)
 	/* Add 1--64 bytes so that the resulting length is 56 mod 64 */
 	r = (ctx->count[1] >> 3) & 0x3f;
 	plen = (r < 56) ? (56 - r) : (120 - r);
-	SHA256_Update(ctx, PAD, (size_t)plen);
+	scrypt_SHA256_Update(ctx, PAD, (size_t)plen);
 	/* Add the terminating bit-count */
-	SHA256_Update(ctx, len, 8);
+	scrypt_SHA256_Update(ctx, len, 8);
 }
 /* SHA-256 initialization.  Begins a SHA-256 operation. */
 void
-SHA256_Init(SHA256_CTX * ctx)
+scrypt_SHA256_Init(scrypt_SHA256_CTX * ctx)
 {
 	/* Zero bits processed so far */
@@ -231,7 +231,7 @@ SHA256_Init(SHA256_CTX * ctx)
 /* Add bytes into the hash */
 void
-SHA256_Update(SHA256_CTX * ctx, const void *in, size_t len)
+scrypt_SHA256_Update(scrypt_SHA256_CTX * ctx, const void *in, size_t len)
 {
 	uint32_t bitlen[2];
 	uint32_t r;
@@ -257,13 +257,13 @@ SHA256_Update(SHA256_CTX * ctx, const void *in, size_t len)
 	/* Finish the current block */
 	memcpy(&ctx->buf[r], src, 64 - r);
-	SHA256_Transform(ctx->state, ctx->buf);
+	scrypt_SHA256_Transform(ctx->state, ctx->buf);
 	src += 64 - r;
 	len -= 64 - r;
 	/* Perform complete blocks */
 	while (len >= 64) {
-		SHA256_Transform(ctx->state, src);
+		scrypt_SHA256_Transform(ctx->state, src);
 		src += 64;
 		len -= 64;
 	}
@@ -277,11 +277,11 @@ SHA256_Update(SHA256_CTX * ctx, const void *in, size_t len)
  * and clears the context state.
  */
 void
-SHA256_Final(unsigned char digest[32], SHA256_CTX * ctx)
+scrypt_SHA256_Final(unsigned char digest[32], scrypt_SHA256_CTX * ctx)
 {
 	/* Add padding */
-	SHA256_Pad(ctx);
+	scrypt_SHA256_Pad(ctx);
 	/* Write the hash */
 	be32enc_vect(digest, ctx->state, 32);
@@ -290,80 +290,80 @@ SHA256_Final(unsigned char digest[32], SHA256_CTX * ctx)
 	memset((void *)ctx, 0, sizeof(*ctx));
 }
-/* Initialize an HMAC-SHA256 operation with the given key. */
+/* Initialize an HMAC-scrypt_SHA256 operation with the given key. */
 void
-HMAC_SHA256_Init(HMAC_SHA256_CTX * ctx, const void * _K, size_t Klen)
+HMAC_scrypt_SHA256_Init(HMAC_scrypt_SHA256_CTX * ctx, const void * _K, size_t Klen)
 {
 	unsigned char pad[64];
 	unsigned char khash[32];
 	const unsigned char * K = _K;
 	size_t i;
-	/* If Klen > 64, the key is really SHA256(K). */
+	/* If Klen > 64, the key is really scrypt_SHA256(K). */
 	if (Klen > 64) {
-		SHA256_Init(&ctx->ictx);
-		SHA256_Update(&ctx->ictx, K, Klen);
-		SHA256_Final(khash, &ctx->ictx);
+		scrypt_SHA256_Init(&ctx->ictx);
+		scrypt_SHA256_Update(&ctx->ictx, K, Klen);
+		scrypt_SHA256_Final(khash, &ctx->ictx);
 		K = khash;
 		Klen = 32;
 	}
-	/* Inner SHA256 operation is SHA256(K xor [block of 0x36] || data). */
-	SHA256_Init(&ctx->ictx);
+	/* Inner scrypt_SHA256 operation is scrypt_SHA256(K xor [block of 0x36] || data). */
+	scrypt_SHA256_Init(&ctx->ictx);
 	memset(pad, 0x36, 64);
 	for (i = 0; i < Klen; i++)
 		pad[i] ^= K[i];
-	SHA256_Update(&ctx->ictx, pad, 64);
+	scrypt_SHA256_Update(&ctx->ictx, pad, 64);
-	/* Outer SHA256 operation is SHA256(K xor [block of 0x5c] || hash). */
-	SHA256_Init(&ctx->octx);
+	/* Outer scrypt_SHA256 operation is scrypt_SHA256(K xor [block of 0x5c] || hash). */
+	scrypt_SHA256_Init(&ctx->octx);
 	memset(pad, 0x5c, 64);
 	for (i = 0; i < Klen; i++)
 		pad[i] ^= K[i];
-	SHA256_Update(&ctx->octx, pad, 64);
+	scrypt_SHA256_Update(&ctx->octx, pad, 64);
 	/* Clean the stack. */
 	memset(khash, 0, 32);
 }
-/* Add bytes to the HMAC-SHA256 operation. */
+/* Add bytes to the HMAC-scrypt_SHA256 operation. */
 void
-HMAC_SHA256_Update(HMAC_SHA256_CTX * ctx, const void *in, size_t len)
+HMAC_scrypt_SHA256_Update(HMAC_scrypt_SHA256_CTX * ctx, const void *in, size_t len)
 {
-	/* Feed data to the inner SHA256 operation. */
-	SHA256_Update(&ctx->ictx, in, len);
+	/* Feed data to the inner scrypt_SHA256 operation. */
+	scrypt_SHA256_Update(&ctx->ictx, in, len);
 }
-/* Finish an HMAC-SHA256 operation. */
+/* Finish an HMAC-scrypt_SHA256 operation. */
 void
-HMAC_SHA256_Final(unsigned char digest[32], HMAC_SHA256_CTX * ctx)
+HMAC_scrypt_SHA256_Final(unsigned char digest[32], HMAC_scrypt_SHA256_CTX * ctx)
 {
 	unsigned char ihash[32];
-	/* Finish the inner SHA256 operation. */
-	SHA256_Final(ihash, &ctx->ictx);
+	/* Finish the inner scrypt_SHA256 operation. */
+	scrypt_SHA256_Final(ihash, &ctx->ictx);
-	/* Feed the inner hash to the outer SHA256 operation. */
-	SHA256_Update(&ctx->octx, ihash, 32);
+	/* Feed the inner hash to the outer scrypt_SHA256 operation. */
+	scrypt_SHA256_Update(&ctx->octx, ihash, 32);
-	/* Finish the outer SHA256 operation. */
-	SHA256_Final(digest, &ctx->octx);
+	/* Finish the outer scrypt_SHA256 operation. */
+	scrypt_SHA256_Final(digest, &ctx->octx);
 	/* Clean the stack. */
 	memset(ihash, 0, 32);
 }
 /**
- * PBKDF2_SHA256(passwd, passwdlen, salt, saltlen, c, buf, dkLen):
- * Compute PBKDF2(passwd, salt, c, dkLen) using HMAC-SHA256 as the PRF, and
+ * PBKDF2_scrypt_SHA256(passwd, passwdlen, salt, saltlen, c, buf, dkLen):
+ * Compute PBKDF2(passwd, salt, c, dkLen) using HMAC-scrypt_SHA256 as the PRF, and
  * write the output to buf.  The value dkLen must be at most 32 * (2^32 - 1).
  */
 void
-PBKDF2_SHA256(const uint8_t * passwd, size_t passwdlen, const uint8_t * salt,
+PBKDF2_scrypt_SHA256(const uint8_t * passwd, size_t passwdlen, const uint8_t * salt,
     size_t saltlen, uint64_t c, uint8_t * buf, size_t dkLen)
 {
-	HMAC_SHA256_CTX PShctx, hctx;
+	HMAC_scrypt_SHA256_CTX PShctx, hctx;
 	size_t i;
 	uint8_t ivec[4];
 	uint8_t U[32];
@@ -373,8 +373,8 @@ PBKDF2_SHA256(const uint8_t * passwd, size_t passwdlen, const uint8_t * salt,
 	size_t clen;
 	/* Compute HMAC state after processing P and S. */
-	HMAC_SHA256_Init(&PShctx, passwd, passwdlen);
-	HMAC_SHA256_Update(&PShctx, salt, saltlen);
+	HMAC_scrypt_SHA256_Init(&PShctx, passwd, passwdlen);
+	HMAC_scrypt_SHA256_Update(&PShctx, salt, saltlen);
 	/* Iterate through the blocks. */
 	for (i = 0; i * 32 < dkLen; i++) {
@@ -382,18 +382,18 @@ PBKDF2_SHA256(const uint8_t * passwd, size_t passwdlen, const uint8_t * salt,
 		be32enc(ivec, (uint32_t)(i + 1));
 		/* Compute U_1 = PRF(P, S || INT(i)). */
-		memcpy(&hctx, &PShctx, sizeof(HMAC_SHA256_CTX));
-		HMAC_SHA256_Update(&hctx, ivec, 4);
-		HMAC_SHA256_Final(U, &hctx);
+		memcpy(&hctx, &PShctx, sizeof(HMAC_scrypt_SHA256_CTX));
+		HMAC_scrypt_SHA256_Update(&hctx, ivec, 4);
+		HMAC_scrypt_SHA256_Final(U, &hctx);
 		/* T_i = U_1 ... */
 		memcpy(T, U, 32);
 		for (j = 2; j <= c; j++) {
 			/* Compute U_j. */
-			HMAC_SHA256_Init(&hctx, passwd, passwdlen);
-			HMAC_SHA256_Update(&hctx, U, 32);
-			HMAC_SHA256_Final(U, &hctx);
+			HMAC_scrypt_SHA256_Init(&hctx, passwd, passwdlen);
+			HMAC_scrypt_SHA256_Update(&hctx, U, 32);
+			HMAC_scrypt_SHA256_Final(U, &hctx);
 			/* ... xor U_j ... */
 			for (k = 0; k < 32; k++)
@@ -408,5 +408,5 @@ PBKDF2_SHA256(const uint8_t * passwd, size_t passwdlen, const uint8_t * salt,
 	}
 	/* Clean PShctx, since we never called _Final on it. */
-	memset(&PShctx, 0, sizeof(HMAC_SHA256_CTX));
+	memset(&PShctx, 0, sizeof(HMAC_scrypt_SHA256_CTX));
 }

data/ext/mri/sha256.h CHANGED Viewed

@@ -26,37 +26,37 @@
  * $FreeBSD: src/lib/libmd/sha256.h,v 1.2 2006/01/17 15:35:56 phk Exp $
  */
-#ifndef _SHA256_H_
-#define _SHA256_H_
+#ifndef _scrypt_SHA256_H_
+#define _scrypt_SHA256_H_
 #include <sys/types.h>
 #include <stdint.h>
-typedef struct SHA256Context {
+typedef struct scrypt_SHA256Context {
 	uint32_t state[8];
 	uint32_t count[2];
 	unsigned char buf[64];
-} SHA256_CTX;
+} scrypt_SHA256_CTX;
-typedef struct HMAC_SHA256Context {
-	SHA256_CTX ictx;
-	SHA256_CTX octx;
-} HMAC_SHA256_CTX;
+typedef struct HMAC_scrypt_SHA256Context {
+	scrypt_SHA256_CTX ictx;
+	scrypt_SHA256_CTX octx;
+} HMAC_scrypt_SHA256_CTX;
-void	SHA256_Init(SHA256_CTX *);
-void	SHA256_Update(SHA256_CTX *, const void *, size_t);
-void	SHA256_Final(unsigned char [32], SHA256_CTX *);
-void	HMAC_SHA256_Init(HMAC_SHA256_CTX *, const void *, size_t);
-void	HMAC_SHA256_Update(HMAC_SHA256_CTX *, const void *, size_t);
-void	HMAC_SHA256_Final(unsigned char [32], HMAC_SHA256_CTX *);
+void	scrypt_SHA256_Init(scrypt_SHA256_CTX *);
+void	scrypt_SHA256_Update(scrypt_SHA256_CTX *, const void *, size_t);
+void	scrypt_SHA256_Final(unsigned char [32], scrypt_SHA256_CTX *);
+void	HMAC_scrypt_SHA256_Init(HMAC_scrypt_SHA256_CTX *, const void *, size_t);
+void	HMAC_scrypt_SHA256_Update(HMAC_scrypt_SHA256_CTX *, const void *, size_t);
+void	HMAC_scrypt_SHA256_Final(unsigned char [32], HMAC_scrypt_SHA256_CTX *);
 /**
- * PBKDF2_SHA256(passwd, passwdlen, salt, saltlen, c, buf, dkLen):
- * Compute PBKDF2(passwd, salt, c, dkLen) using HMAC-SHA256 as the PRF, and
+ * PBKDF2_scrypt_SHA256(passwd, passwdlen, salt, saltlen, c, buf, dkLen):
+ * Compute PBKDF2(passwd, salt, c, dkLen) using HMAC-scrypt_SHA256 as the PRF, and
  * write the output to buf.  The value dkLen must be at most 32 * (2^32 - 1).
  */
-void	PBKDF2_SHA256(const uint8_t *, size_t, const uint8_t *, size_t,
+void	PBKDF2_scrypt_SHA256(const uint8_t *, size_t, const uint8_t *, size_t,
     uint64_t, uint8_t *, size_t);
-#endif /* !_SHA256_H_ */
+#endif /* !_scrypt_SHA256_H_ */

data/kdf-comparison.png ADDED Viewed

Binary file

data/lib/scrypt/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module SCrypt
-  VERSION = "1.0.3"
+  VERSION = "1.0.4"
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: scrypt
 version: !ruby/object:Gem::Version
-  version: 1.0.3
+  version: 1.0.4
   prerelease:
 platform: ruby
 authors:
@@ -9,12 +9,11 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2011-07-15 00:00:00.000000000 -05:00
-default_executable:
+date: 2012-04-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rspec
-  requirement: &2151879660 !ruby/object:Gem::Requirement
+  requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -22,10 +21,15 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *2151879660
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rake
-  requirement: &2151878380 !ruby/object:Gem::Requirement
+  requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -33,7 +37,12 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *2151878380
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 description: ! "    The scrypt key derivation function is designed to be far \n    more
   secure against hardware brute-force attacks than \n    alternative functions such
   as PBKDF2 or bcrypt.\n"
@@ -50,7 +59,7 @@ files:
 - COPYING
 - Gemfile
 - Gemfile.lock
-- README
+- README.md
 - Rakefile
 - Rakefile.old
 - autotest/discover.rb
@@ -69,13 +78,13 @@ files:
 - ext/mri/sha256.c
 - ext/mri/sha256.h
 - ext/mri/sysendian.h
+- kdf-comparison.png
 - lib/scrypt.rb
 - lib/scrypt/version.rb
 - scrypt.gemspec
 - spec/scrypt/engine_spec.rb
 - spec/scrypt/password_spec.rb
 - spec/spec_helper.rb
-has_rdoc: true
 homepage: ''
 licenses: []
 post_install_message:
@@ -90,7 +99,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: -2866022726436582212
+      hash: 194968761822727959
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements:
@@ -99,10 +108,10 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: -2866022726436582212
+      hash: 194968761822727959
 requirements: []
 rubyforge_project: scrypt
-rubygems_version: 1.6.2
+rubygems_version: 1.8.21
 signing_key:
 specification_version: 3
 summary: scrypt password hashing algorithm.

data/README DELETED Viewed

@@ -1,42 +0,0 @@
-= scrypt
-The scrypt key derivation function is designed to be far more secure against hardware brute-force attacks than alternative functions such as PBKDF2 or bcrypt.
-* http://www.tarsnap.com/scrypt.html
-* http://github.com/pbhogan/scrypt
-== Why you should use scrypt
-The designers of scrypt estimate that on modern (2009) hardware, if 5 seconds are spent computing a derived key, the cost of a hardware brute-force attack against scrypt is roughly 4000 times greater than the cost of a similar attack against bcrypt (to find the same password), and 20000 times greater than a similar attack against PBKDF2.
-== How to install scrypt
-  gem install scrypt
-== How to use scrypt
-It works pretty similarly to ruby-bcrypt with a few minor differences, especially where the cost factor is concerned.
-	include "scrypt"
-	# hash a user's password
-	@password = Password.create("my grand secret")
-	@password #=> "2000$8$1$f5f2fa5fe5484a7091f1299768fbe92b5a7fbc77$6a385f22c54d92c314b71a4fd5ef33967c93d679"
-	# store it safely
-	@user.update_attribute(:password, @password)
-	# read it back
-	@user.reload!
-	@db_password = Password.new(@user.password)
-	# compare it after retrieval
-	@db_password == "my grand secret" #=> true
-	@db_password == "a paltry guess"  #=> false
-Password.create takes three options which will determine the cost limits of the computation.
-* :max_time specifies the maximum number of seconds the computation should take.
-* :max_mem specifies the maximum number of bytes the computation should take. A value of 0 specifies no upper limit. The minimum is always 1 MB.
-* :max_memfrac specifies the maximum memory in a fraction of available resources to use. Any value equal to 0 or greater than 0.5 will result in 0.5 being used.
-Default options will result in calculation time of approx. 200 ms with 1 MB memory use.