Class: Authlogic::CryptoProviders::SCrypt

Inherits:
Object
  • Object
show all
Defined in:
lib/authlogic/crypto_providers/scrypt.rb

Overview

SCrypt is the default provider for Authlogic. It is the only choice in the adaptive hash family that accounts for hardware based attacks by compensating with memory bound as well as cpu bound computational constraints. It offers the same guarantees as BCrypt in the way of one-way, unique and slow.

Decided SCrypt is for you? Just install the scrypt gem:

gem install scrypt

Tell acts_as_authentic to use it:

acts_as_authentic do |c|
  c.crypto_provider = Authlogic::CryptoProviders::SCrypt
end

Constant Summary collapse

DEFAULTS =
{
  key_len: 32,
  salt_size: 8,
  max_time: 0.2,
  max_mem: 1024 * 1024,
  max_memfrac: 0.5
}.freeze

Class Attribute Summary collapse

Class Method Summary collapse

Class Attribute Details

.key_lenObject

Key length - length in bytes of generated key, from 16 to 512.



34
35
36
# File 'lib/authlogic/crypto_providers/scrypt.rb', line 34

def key_len
  @key_len ||= DEFAULTS[:key_len]
end

.max_memObject

Max memory - maximum memory usage. The minimum is always 1MB



49
50
51
# File 'lib/authlogic/crypto_providers/scrypt.rb', line 49

def max_mem
  @max_mem ||= DEFAULTS[:max_mem]
end

.max_memfracObject

Max memory fraction - maximum memory out of all available. Always greater than zero and <= 0.5.



55
56
57
# File 'lib/authlogic/crypto_providers/scrypt.rb', line 55

def max_memfrac
  @max_memfrac ||= DEFAULTS[:max_memfrac]
end

.max_timeObject

Max time - maximum time spent in computation



44
45
46
# File 'lib/authlogic/crypto_providers/scrypt.rb', line 44

def max_time
  @max_time ||= DEFAULTS[:max_time]
end

.salt_sizeObject

Salt size - size in bytes of random salt, from 8 to 32



39
40
41
# File 'lib/authlogic/crypto_providers/scrypt.rb', line 39

def salt_size
  @salt_size ||= DEFAULTS[:salt_size]
end

Class Method Details

.encrypt(*tokens) ⇒ Object

Creates an SCrypt hash for the password passed.



60
61
62
63
64
65
66
67
68
69
# File 'lib/authlogic/crypto_providers/scrypt.rb', line 60

def encrypt(*tokens)
  ::SCrypt::Password.create(
    join_tokens(tokens),
    key_len: key_len,
    salt_size: salt_size,
    max_mem: max_mem,
    max_memfrac: max_memfrac,
    max_time: max_time
  )
end

.matches?(hash, *tokens) ⇒ Boolean

Does the hash match the tokens? Uses the same tokens that were used to encrypt.

Returns:

  • (Boolean)


72
73
74
75
76
# File 'lib/authlogic/crypto_providers/scrypt.rb', line 72

def matches?(hash, *tokens)
  hash = new_from_hash(hash)
  return false if hash.blank?
  hash == join_tokens(tokens)
end