Class: Authlogic::CryptoProviders::SCrypt

Inherits:
Object
  • Object
show all
Defined in:
lib/authlogic/crypto_providers/scrypt.rb

Overview

SCrypt is the default provider for Authlogic. It is the only choice in the adaptive hash family that accounts for hardware based attacks by compensating with memory bound as well as cpu bound computational constraints. It offers the same guarantees as BCrypt in the way of one-way, unique and slow.

Decided SCrypt is for you? Just install the scrypt gem:

gem install scrypt

Tell acts_as_authentic to use it:

acts_as_authentic do |c|
  c.crypto_provider = Authlogic::CryptoProviders::SCrypt
end

Constant Summary collapse

DEFAULTS =
{
  key_len: 32,
  salt_size: 8,
  max_time: 0.2,
  max_mem: 1024 * 1024,
  max_memfrac: 0.5
}.freeze

Class Attribute Summary collapse

Class Method Summary collapse

Class Attribute Details

.key_lenObject

Key length - length in bytes of generated key, from 16 to 512.



32
33
34
# File 'lib/authlogic/crypto_providers/scrypt.rb', line 32

def key_len
  @key_len ||= DEFAULTS[:key_len]
end

.max_memObject

Max memory - maximum memory usage. The minimum is always 1MB



47
48
49
# File 'lib/authlogic/crypto_providers/scrypt.rb', line 47

def max_mem
  @max_mem ||= DEFAULTS[:max_mem]
end

.max_memfracObject

Max memory fraction - maximum memory out of all available. Always greater than zero and <= 0.5.



53
54
55
# File 'lib/authlogic/crypto_providers/scrypt.rb', line 53

def max_memfrac
  @max_memfrac ||= DEFAULTS[:max_memfrac]
end

.max_timeObject

Max time - maximum time spent in computation



42
43
44
# File 'lib/authlogic/crypto_providers/scrypt.rb', line 42

def max_time
  @max_time ||= DEFAULTS[:max_time]
end

.salt_sizeObject

Salt size - size in bytes of random salt, from 8 to 32



37
38
39
# File 'lib/authlogic/crypto_providers/scrypt.rb', line 37

def salt_size
  @salt_size ||= DEFAULTS[:salt_size]
end

Class Method Details

.encrypt(*tokens) ⇒ Object

Creates an SCrypt hash for the password passed.



58
59
60
61
62
63
64
65
66
67
# File 'lib/authlogic/crypto_providers/scrypt.rb', line 58

def encrypt(*tokens)
  ::SCrypt::Password.create(
    join_tokens(tokens),
    key_len: key_len,
    salt_size: salt_size,
    max_mem: max_mem,
    max_memfrac: max_memfrac,
    max_time: max_time
  )
end

.matches?(hash, *tokens) ⇒ Boolean

Does the hash match the tokens? Uses the same tokens that were used to encrypt.

Returns:

  • (Boolean)


70
71
72
73
74
# File 'lib/authlogic/crypto_providers/scrypt.rb', line 70

def matches?(hash, *tokens)
  hash = new_from_hash(hash)
  return false if hash.blank?
  hash == join_tokens(tokens)
end