seraph 0.0.3 → 0.0.4
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +31 -20
- data/lib/seraph/configuration.rb +4 -0
- data/lib/seraph/version.rb +1 -1
- data/spec/spec_helper.rb +4 -0
- metadata +1 -1
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 9062ea4972e3a44b97a05b4935c8f5936b05fe24
|
4
|
+
data.tar.gz: a0117bd6c8d5b547b1ff0f2dcb018fa6e06946c4
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 0e5b596ae436664b9b9f38cc1d51e86e2be6e1fefdb63e51268daf8bc46fc7d13f9c1667930fd4dfc072d086045fec12cadc63a4f315b9a524c90f0015e9fde1
|
7
|
+
data.tar.gz: 2b619e40492e7663987ba48d6684b5382ff38c4f02961a57d30bf525359880e1197fcf9a35401e11ced508ff0e25f55420290fc724d680cae51282b09377d453
|
data/README.md
CHANGED
@@ -11,50 +11,61 @@ Enter in your terminal
|
|
11
11
|
gem install seraph
|
12
12
|
```
|
13
13
|
or put
|
14
|
-
```
|
14
|
+
``` ruby
|
15
15
|
gem 'seraph'
|
16
16
|
```
|
17
17
|
inside your `Gemfile`
|
18
18
|
|
19
|
-
|
20
|
-
|
21
|
-
seraph offers two basic functionalities:
|
19
|
+
## Configuration
|
22
20
|
|
23
|
-
|
24
|
-
* checking if provided password matches the encrypted password (authentication)
|
21
|
+
You can set the pepper that will be used when encrypting the password.
|
25
22
|
|
26
|
-
|
27
|
-
|
28
|
-
seraph uses [BCrypt](https://github.com/codahale/bcrypt-ruby) to hash the password. Additionally a pepper can be provided:
|
23
|
+
Pepper strenghtens the security of your encrypted passwords, because even if you have an SQL Injection vulnerability in your code, the attacker won't be able to get the passwords, because the pepper will be added to each password before encryption. This is ofcourse true only if the attacker doesn't have access to your application code!
|
29
24
|
|
30
25
|
To get a random, high-entropy pepper, you can use `/dev/urandom`:
|
31
26
|
|
32
27
|
```
|
33
|
-
|
34
|
-
435a501746f35834862e49fd6654680803bc37a2a83bc67318342603b7176aaa
|
28
|
+
xxd -l 32 -p /dev/urandom
|
35
29
|
```
|
36
30
|
|
37
|
-
|
31
|
+
Then use in the configuration block
|
32
|
+
|
33
|
+
``` ruby
|
34
|
+
Seraph.configure do |config|
|
35
|
+
config.pepper = 'GENERATED-PEPPER'
|
36
|
+
end
|
37
|
+
```
|
38
|
+
|
39
|
+
But remember to save the pepper, because if you lose it, none of your users will be able to login!
|
40
|
+
|
41
|
+
## What do you get?
|
42
|
+
|
43
|
+
Seraph offers two basic functionalities:
|
44
|
+
|
45
|
+
* encrypting the password (registration)
|
46
|
+
* checking if provided password matches the encrypted password (authentication)
|
47
|
+
|
48
|
+
### Encrypting the password
|
49
|
+
|
50
|
+
Seraph uses [BCrypt](https://github.com/codahale/bcrypt-ruby) to hash the password. If you configure Seraph and set the pepper, it will be used in the encryption process.
|
38
51
|
|
39
|
-
|
52
|
+
To encrypt a password simply run:
|
40
53
|
|
41
54
|
``` ruby
|
42
|
-
|
43
|
-
|
44
|
-
# => "$2a$10$MvzzJOcgCbxmVAUqwq7Zye.3Hn9L0ahB4M8riQTK6cPUfJCR6x3ZW"
|
55
|
+
Seraph::PasswordEncryptor.call('foobar12')
|
56
|
+
# => "$2a$10$f1PWs.Qi3mtcL/fMaypEJu9HI0SchWLhsMd9kRhHEjP4v/3oqnB5G"
|
45
57
|
```
|
46
58
|
|
47
|
-
As a result you get the encrypted password, which you can
|
59
|
+
As a result you get the encrypted password, which you can be persisted in the database, alongside other user data (e-mail, login, etc.)
|
48
60
|
|
49
|
-
|
61
|
+
### WIP - Comparing a provided password with the encrypted one
|
50
62
|
|
51
63
|
Comparison is done using a constant-time secure comparison method, from the gem (fast_secure_compare)[https://github.com/daxtens/fast_secure_compare]
|
52
64
|
|
53
65
|
To do it simply run:
|
54
66
|
|
55
67
|
``` ruby
|
56
|
-
|
57
|
-
seraph::Authenticator.call(encrypted_password, plaintext_password)
|
68
|
+
Seraph::Authenticator.call(encrypted_password, plaintext_password)
|
58
69
|
# => true or false
|
59
70
|
```
|
60
71
|
|
data/lib/seraph/configuration.rb
CHANGED
data/lib/seraph/version.rb
CHANGED
data/spec/spec_helper.rb
CHANGED