Argon2::Simple
Argon2::Simple provides a wrapper around Argon2. Argon2::Simple simplifies the process of creating password hashes and checking submitted passwords against those hashes.
To hash a password, use the hash method:
pw_clear = 'my password'
hashed = Argon2::Simple.hash(pw_clear)
puts hashed # => $argon2i$v=19$m=65536,t=2,p=1$K4BXPfBeuZSnqxia/abuRQ$0+jibsWcClNY+HHSXxQlsEi/RboEScY8XM5mh4ehFlA
To check a submitted password against the hash, use the check method:
# check against clear password
puts Argon2::Simple.check(pw_clear, hashed) # => true
# check against incorrect password
puts Argon2::Simple.check('whatever', hashed) # => false
Because Argon2 is one of the most secure hashing algorithms in the world, it is also one of the slowest. To speed things up, Argon2::Simple caches successful password checks. This benefits applications which tend to get the same successful passwords repeatedly, such as a web site that stores an authentication token in a cookie.
By default, Argon2::Simple caches the last 100 successful passwords. You can change that limit with the reset method. So, for example, to set it to 1,000:
Argon2::Simple.reset 1000
To turn off caching, reset with 0:
Argon2::Simple.reset 0
The following test shows the advantage of caching. The test is run first with the default caching of 100, then with no caching.
require 'benchmark'

# Time 100 checks of the same correct password against one hash.
def tester
  pw_clear = 'my password'
  hashed = Argon2::Simple.hash(pw_clear)
  puts Benchmark.measure {
    100.times do
      Argon2::Simple.check(pw_clear, hashed)
    end
  }
end

tester() # run with default cache
Argon2::Simple.reset 0 # turn off caching
tester() # run without cache
That outputs benchmarks something like this:
0.210000 0.050000 0.260000 ( 0.277293)
22.040000 4.240000 26.280000 ( 26.440273)
So for just 100 checks, the time went from about 1/20 of a second to over 4 seconds. Obviously, if your application tends to get a lot of incorrect passwords then the cache doesn't help. I'm thinking of adding the feature that it can also cache unsuccessful authentication attempts. Let me know if that would be helpful.
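The caching behaviour described above (a bounded cache of successful checks, a limit of 0 to disable it, and no benefit for incorrect passwords), sketched as an added example that is not Argon2::Simple's own code. SuccessCache, demo_hash and demo_verify are hypothetical names, PBKDF2 stands in for Argon2 so the sketch runs with only the standard library, and keying the cache on an HMAC of the password is a design choice of this sketch; the page does not say how the gem keys its cache.

```ruby
require 'openssl'
require 'securerandom'

# Hypothetical helper class; not part of Argon2::Simple.
class SuccessCache
  attr_reader :slow_calls

  # limit: how many successful checks to remember (0 disables caching).
  # verifier: block taking (password, hashed) and returning true/false.
  def initialize(limit, &verifier)
    @limit = limit
    @verifier = verifier
    @key = SecureRandom.random_bytes(32) # per-process key, never stored
    @seen = {}                           # insertion-ordered: oldest first
    @slow_calls = 0
  end

  def check(password, hashed)
    # Key the cache on a MAC so the clear password is not held in memory.
    msg = "#{hashed.bytesize}:#{hashed}#{password}"
    tag = OpenSSL::HMAC.digest(OpenSSL::Digest.new('SHA256'), @key, msg)
    if @seen.delete(tag)   # hit: re-insert as most recently used
      @seen[tag] = true
      return true
    end
    @slow_calls += 1       # miss: pay for the slow verification
    ok = @verifier.call(password, hashed) ? true : false
    if ok && @limit > 0    # failures are never cached
      @seen[tag] = true
      @seen.shift while @seen.size > @limit # evict least recently used
    end
    ok
  end
end

# Constructed stand-in for the slow Argon2 check (PBKDF2 from the standard
# library), so the example runs without the argon2 gem installed.
def demo_hash(password, salt = SecureRandom.hex(8))
  dk = OpenSSL::PKCS5.pbkdf2_hmac(password, salt, 20_000, 32, OpenSSL::Digest.new('SHA256'))
  [salt, dk.unpack1('H*')].join('$')
end

def demo_verify(password, hashed)
  salt = hashed.split('$', 2).first
  a, b = demo_hash(password, salt).bytes, hashed.bytes
  a.size == b.size && a.zip(b).reduce(0) { |d, (x, y)| d | (x ^ y) }.zero?
end
```

Because only successes are cached, every wrong guess still runs the full slow verification, so the cache does not make guessing against a given hash any cheaper.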
Install
gem install argon2-simple
Author
Mike O'Sullivan
History
version | date | notes |
---|---|---|
0.0.2 | Nov 10, 2018 | Initial upload. |