Class: Authlogic::CryptoProviders::BCrypt
- Inherits:
-
Object
- Object
- Authlogic::CryptoProviders::BCrypt
- Defined in:
- lib/authlogic/crypto_providers/bcrypt.rb
Overview
The family of adaptive hash functions (BCrypt, SCrypt, PBKDF2) is the best choice for password storage today. They have the three properties of password hashing that are desirable. They are one-way, unique, and slow. While a salted SHA or MD5 hash is one-way and unique, preventing rainbow table attacks, they are still lightning fast and attacks on the stored passwords are much more effective. This benchmark demonstrates the effective slowdown that BCrypt provides:
require "bcrypt"
require "digest"
require "benchmark"
Benchmark.bm(18) do |x|
x.report("BCrypt (cost = 10:") { 100.times { BCrypt::Password.create("mypass", :cost => 10) } }
x.report("BCrypt (cost = 4:") { 100.times { BCrypt::Password.create("mypass", :cost => 4) } }
x.report("Sha512:") { 100.times { Digest::SHA512.hexdigest("mypass") } }
x.report("Sha1:") { 100.times { Digest::SHA1.hexdigest("mypass") } }
end
user system total real
BCrypt (cost = 10): 37.360000 0.020000 37.380000 ( 37.558943)
BCrypt (cost = 4): 0.680000 0.000000 0.680000 ( 0.677460)
Sha512: 0.000000 0.000000 0.000000 ( 0.000672)
Sha1: 0.000000 0.000000 0.000000 ( 0.000454)
You can play around with the cost to get that perfect balance between performance and security. A default cost of 10 is the best place to start.
Decided BCrypt is for you? Just install the bcrypt gem:
gem install bcrypt
Tell acts_as_authentic to use it:
acts_as_authentic do |c|
c.crypto_provider = Authlogic::CryptoProviders::BCrypt
end
You are good to go!
Class Method Summary collapse
-
.cost ⇒ Object
This is the :cost option for the BCrpyt library.
- .cost=(val) ⇒ Object
-
.cost_matches?(hash) ⇒ Boolean
This method is used as a flag to tell Authlogic to “resave” the password upon a successful login, using the new cost.
-
.encrypt(*tokens) ⇒ Object
Creates a BCrypt hash for the password passed.
-
.matches?(hash, *tokens) ⇒ Boolean
Does the hash match the tokens? Uses the same tokens that were used to encrypt.
Class Method Details
.cost ⇒ Object
This is the :cost option for the BCrpyt library. The higher the cost the more secure it is and the longer is take the generate a hash. By default this is 10. Set this to any value >= the engine’s minimum (currently 4), play around with it to get that perfect balance between security and performance.
53 54 55 |
# File 'lib/authlogic/crypto_providers/bcrypt.rb', line 53 def cost @cost ||= 10 end |
.cost=(val) ⇒ Object
57 58 59 60 61 62 63 64 65 |
# File 'lib/authlogic/crypto_providers/bcrypt.rb', line 57 def cost=(val) if val < ::BCrypt::Engine::MIN_COST raise ArgumentError.new( "Authlogic's bcrypt cost cannot be set below the engine's " \ "min cost (#{::BCrypt::Engine::MIN_COST})" ) end @cost = val end |
.cost_matches?(hash) ⇒ Boolean
This method is used as a flag to tell Authlogic to “resave” the password upon a successful login, using the new cost
82 83 84 85 86 87 88 89 |
# File 'lib/authlogic/crypto_providers/bcrypt.rb', line 82 def cost_matches?(hash) hash = new_from_hash(hash) if hash.blank? false else hash.cost == cost end end |
.encrypt(*tokens) ⇒ Object
Creates a BCrypt hash for the password passed.
68 69 70 |
# File 'lib/authlogic/crypto_providers/bcrypt.rb', line 68 def encrypt(*tokens) ::BCrypt::Password.create(join_tokens(tokens), :cost => cost) end |
.matches?(hash, *tokens) ⇒ Boolean
Does the hash match the tokens? Uses the same tokens that were used to encrypt.
74 75 76 77 78 |
# File 'lib/authlogic/crypto_providers/bcrypt.rb', line 74 def matches?(hash, *tokens) hash = new_from_hash(hash) return false if hash.blank? hash == join_tokens(tokens) end |