Class: RbNaCl::PasswordHash::SCrypt
- Inherits:
-
Object
- Object
- RbNaCl::PasswordHash::SCrypt
- Extended by:
- Sodium
- Defined in:
- lib/rbnacl/password_hash/scrypt.rb
Overview
The scrypt sequential memory hard password hashing function
scrypt is a password hash (or password based KDF). That is to say, where most hash functions are designed to be fast because hashing is often a bottleneck, scrypt is slow by design, because it's trying to "strengthen" the password by combining it with a random "salt" value then perform a series of operation on the result which are slow enough to defeat brute-force password cracking attempts.
scrypt is similar to the bcrypt and pbkdf2 password hashes in that it's designed to strengthen passwords, but includes a new design element called "sequential memory hardness" which helps defeat attempts by attackers to compensate for their lack of memory (since they're typically on GPUs or FPGAs) with additional computation.
Instance Method Summary collapse
-
#digest(password, salt) ⇒ String
Calculate an scrypt digest for a given password and salt.
-
#initialize(opslimit, memlimit, digest_size = 64) ⇒ RbNaCl::PasswordHash::SCrypt
constructor
Create a new SCrypt password hash object.
Methods included from Sodium
primitive, sodium_constant, sodium_function, sodium_function_with_return_code, sodium_primitive, sodium_type
Constructor Details
#initialize(opslimit, memlimit, digest_size = 64) ⇒ RbNaCl::PasswordHash::SCrypt
Create a new SCrypt password hash object
37 38 39 40 41 42 43 44 45 46 47 |
# File 'lib/rbnacl/password_hash/scrypt.rb', line 37 def initialize(opslimit, memlimit, digest_size = 64) # TODO: sanity check these parameters @opslimit = opslimit @memlimit = memlimit # TODO: check digest size validity # raise LengthError, "digest size too short" if @digest_size < BYTES_MIN # raise LengthError, "digest size too long" if @digest_size > BYTES_MAX @digest_size = digest_size end |
Instance Method Details
#digest(password, salt) ⇒ String
Calculate an scrypt digest for a given password and salt
55 56 57 58 59 60 61 62 63 |
# File 'lib/rbnacl/password_hash/scrypt.rb', line 55 def digest(password, salt) digest = Util.zeros(@digest_size) salt = Util.check_string(salt, SALTBYTES, "salt") success = self.class.scrypt(digest, @digest_size, password, password.bytesize, salt, @opslimit, @memlimit) raise CryptoError, "scrypt failed!" unless success digest end |