Class: OmniAuth::Strategies::Onetime

Inherits:
Object
Includes:
OmniAuth::Strategy
Defined in:
lib/omniauth/strategies/onetime.rb

Overview

An OmniAuth strategy using secure one-time passwords.

Constant Summary

AdversarySingleDevice =

These options model a theoretical adversary and ensure some minimum level of security against that adversary. The default is roughly a cluster of 100 GPUs, which is not inexpensive. Keep this in mind: xkcd.com/538/

cost = bcrypt cost
speed = hashes per second per device at cost
devices = number of devices

{ cost: 12, speed: 300, devices: 1 }
AdversaryMultiDevice =
{ cost: 12, speed: 300, devices: 128 }


Constructor Details

#initialize(app, *args, &block) ⇒ Onetime

Returns a new instance of Onetime.



# File 'lib/omniauth/strategies/onetime.rb', line 49

def initialize(app, *args, &block)
  super

  if options[:password_cache].nil? && defined?(Rails)
    options[:password_cache] = Rails.cache
  end

  if options[:password_cache].nil?
    raise 'omniauth-onetime must be configured with a password cache.'
  end
end

Class Method Details

.adversary_adjust ⇒ Object

factor to adjust bcrypt costs



# File 'lib/omniauth/strategies/onetime.rb', line 69

def self.adversary_adjust
  2**(default_options[:adversary][:cost] -
      default_options[:password_cost])
end

.adversary_chance ⇒ Object

percentage chance of the adversary cracking the password



# File 'lib/omniauth/strategies/onetime.rb', line 88

def self.adversary_chance
  100 / adversary_ratio
end

.adversary_ratio ⇒ Object

Ratio of the hashes per second needed to brute-force the password to the theoretical adversary's hashes per second. A value <= 1 means the adversary can crack the password within the time allotted. Higher is more secure; chance of cracking = 1 in adversary_ratio.



# File 'lib/omniauth/strategies/onetime.rb', line 83

def self.adversary_ratio
  Rational(difficulty, adversary_speed)
end

.adversary_speed ⇒ Object

hashes per second (total) at password_cost



# File 'lib/omniauth/strategies/onetime.rb', line 75

def self.adversary_speed
  default_options[:adversary][:speed] *
    default_options[:adversary][:devices] * adversary_adjust
end

.difficulty ⇒ Object

Hashes per second needed for a 100% complete brute force. Higher is more secure.



# File 'lib/omniauth/strategies/onetime.rb', line 63

def self.difficulty
  (26**default_options[:password_length]) /
    default_options[:password_time]
end
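
The class methods above together define the adversary model. As an added example (not code from omniauth-onetime), this stand-alone Ruby script restates those formulas and searches for the shortest password length that meets a target odds figure for each adversary profile. The 300-second password_time, the password_cost values, the 1-in-1,000,000 target, the cap in adversary_chance and the helper name min_password_length are assumptions, not the gem's defaults.

```ruby
# Added example: stand-alone restatement of the adversary model, not the gem's code.
ALPHABET_SIZE = 26 # from the 26**password_length term in .difficulty
SINGLE_DEVICE = { cost: 12, speed: 300, devices: 1 }.freeze
MULTI_DEVICE  = { cost: 12, speed: 300, devices: 128 }.freeze

# Total adversary hashes per second at our bcrypt cost; each cost step is 2x work.
def adversary_speed(adversary, password_cost)
  adversary[:speed] * adversary[:devices] * 2**(adversary[:cost] - password_cost)
end

# Hashes per second needed to try every password before it expires.
def difficulty(password_length, password_time)
  (ALPHABET_SIZE**password_length) / password_time
end

def adversary_ratio(adversary, password_length:, password_time:, password_cost:)
  Rational(difficulty(password_length, password_time),
           adversary_speed(adversary, password_cost))
end

# Percentage chance of a crack. Capped at 100 for ratio <= 1 (an addition here;
# it also avoids dividing by a zero ratio for very short passwords).
def adversary_chance(adversary, **settings)
  ratio = adversary_ratio(adversary, **settings)
  ratio <= 1 ? 100 : 100 / ratio
end

# Shortest password length whose odds are no worse than "1 in one_in".
# Returns nil if no length up to max_length is enough (hypothetical helper).
def min_password_length(adversary, one_in:, password_time:, password_cost:, max_length: 32)
  (1..max_length).find do |len|
    adversary_ratio(adversary, password_length: len, password_time: password_time,
                               password_cost: password_cost) >= one_in
  end
end

if __FILE__ == $PROGRAM_NAME
  # Assumed sample settings: passwords valid for 300 s, target odds 1 in 1,000,000.
  [[SINGLE_DEVICE, 12], [MULTI_DEVICE, 12], [SINGLE_DEVICE, 10]].each do |adv, cost|
    len = min_password_length(adv, one_in: 1_000_000, password_time: 300, password_cost: cost)
    puts "devices=#{adv[:devices]} password_cost=#{cost} -> minimum length #{len}"
  end
end
```

With these sample settings, moving from the single-device to the 128-device profile costs two extra characters, and dropping password_cost from 12 to 10 costs one.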