Class: Authentication::Logic::CryptoProviders::SCrypt

Inherits:

Object

• Object
• Authentication::Logic::CryptoProviders::SCrypt

Defined in:

lib/auth/logic/crypto_providers/scrypt.rb

Overview

SCrypt is the default provider for Authentication::Logic. It is the only choice in the adaptive hash family that accounts for hardware based attacks by compensating with memory bound as well as cpu bound computational constraints. It offers the same guarantees as BCrypt in the way of one-way, unique and slow.

Decided SCrypt is for you? Just install the scrypt gem:

gem install scrypt

Tell acts_as_authentic to use it:

acts_as_authentic do |c|
  c.crypto_provider = Authentication::Logic::CryptoProviders::SCrypt
end

Constant Summary

DEFAULTS =

{
  key_len: 32,
  salt_size: 8,
  max_time: 0.2,
  max_mem: 1024 * 1024,
  max_memfrac: 0.5
}.freeze

Class Attribute Summary

• .key_len ⇒ Object

  Key length - length in bytes of generated key, from 16 to 512.

• .max_mem ⇒ Object

  Max memory - maximum memory usage.

• .max_memfrac ⇒ Object

  Max memory fraction - maximum memory out of all available.

• .max_time ⇒ Object

  Max time - maximum time spent in computation.

• .salt_size ⇒ Object

  Salt size - size in bytes of random salt, from 8 to 32.

Class Method Summary

• .encrypt(*tokens) ⇒ Object

  Creates an SCrypt hash for the password passed.

• .matches?(hash, *tokens) ⇒ Boolean

  Does the hash match the tokens? Uses the same tokens that were used to encrypt.

Class Attribute Details

.key_len ⇒ Object

Key length - length in bytes of generated key, from 16 to 512.

# File 'lib/auth/logic/crypto_providers/scrypt.rb', line 36

def key_len
  @key_len ||= DEFAULTS[:key_len]
end

.max_mem ⇒ Object

Max memory - maximum memory usage. The minimum is always 1MB

# File 'lib/auth/logic/crypto_providers/scrypt.rb', line 51

def max_mem
  @max_mem ||= DEFAULTS[:max_mem]
end

.max_memfrac ⇒ Object

Max memory fraction - maximum memory out of all available. Always greater than zero and <= 0.5.

# File 'lib/auth/logic/crypto_providers/scrypt.rb', line 57

def max_memfrac
  @max_memfrac ||= DEFAULTS[:max_memfrac]
end

.max_time ⇒ Object

Max time - maximum time spent in computation

# File 'lib/auth/logic/crypto_providers/scrypt.rb', line 46

def max_time
  @max_time ||= DEFAULTS[:max_time]
end

.salt_size ⇒ Object

Salt size - size in bytes of random salt, from 8 to 32

# File 'lib/auth/logic/crypto_providers/scrypt.rb', line 41

def salt_size
  @salt_size ||= DEFAULTS[:salt_size]
end

Class Method Details

.encrypt(*tokens) ⇒ Object

Creates an SCrypt hash for the password passed.

# File 'lib/auth/logic/crypto_providers/scrypt.rb', line 62

def encrypt(*tokens)
  ::SCrypt::Password.create(
    join_tokens(tokens),
    key_len: key_len,
    salt_size: salt_size,
    max_mem: max_mem,
    max_memfrac: max_memfrac,
    max_time: max_time
  )
end

.matches?(hash, *tokens) ⇒ Boolean

Does the hash match the tokens? Uses the same tokens that were used to encrypt.

Returns:

• (Boolean)

# File 'lib/auth/logic/crypto_providers/scrypt.rb', line 74

def matches?(hash, *tokens)
  hash = new_from_hash(hash)
  return false if hash.blank?

  hash == join_tokens(tokens)
end