Class: SCrypt::Password
Inherits: String (Object > String > SCrypt::Password)
Defined in: lib/scrypt.rb
Overview
A password management class which allows you to safely store users' passwords and compare them.
Example usage:
require "scrypt"
# hash a user's password
@password = SCrypt::Password.create("my grand secret")
@password #=> "2000$8$1$f5f2fa5fe5484a7091f1299768fbe92b5a7fbc77$6a385f22c54d92c314b71a4fd5ef33967c93d679"
# store it safely
@user.update_attribute(:password, @password)
# read it back
@user.reload!
@db_password = SCrypt::Password.new(@user.password)
# compare it after retrieval
@db_password == "my grand secret" #=> true
@db_password == "a paltry guess" #=> false
Instance Attribute Summary
- (Object) cost (readonly): The cost factor used to create the hash.
- (Object) hash (readonly): The hash portion of the stored password hash.
- (Object) salt (readonly): The salt of the stored password hash.
Class Method Summary
+ (Object) create(secret, options = {}): Hashes a secret, returning a SCrypt::Password instance.
Instance Method Summary
- (Object) ==(secret) (also: #is_password?): Compares a potential secret against the hash.
- (Password) initialize(raw_hash) (constructor): Initializes a SCrypt::Password instance with the data from a stored hash.
Constructor Details
- (Password) initialize(raw_hash)
Initializes a SCrypt::Password instance with the data from a stored hash.
# File 'lib/scrypt.rb', line 145
def initialize(raw_hash)
  if valid_hash?(raw_hash)
    self.replace(raw_hash)
    # the stored string is "cost$salt$hash"; keep each part for later comparison
    @cost, @salt, @hash = split_hash(self.to_s)
  else
    raise Errors::InvalidHash.new("invalid hash")
  end
end
Instance Attribute Details
- (Object) cost (readonly)
The cost factor used to create the hash.
# File 'lib/scrypt.rb', line 121
def cost
  @cost
end
- (Object) hash (readonly)
The hash portion of the stored password hash.
# File 'lib/scrypt.rb', line 117
def hash
  @hash
end
- (Object) salt (readonly)
The salt of the stored password hash.
# File 'lib/scrypt.rb', line 119
def salt
  @salt
end
Class Method Details
+ (Object) create(secret, options = {})
Hashes a secret, returning a SCrypt::Password instance. Takes three options (all optional), which determine the cost limits of the computation:
:max_time specifies the maximum number of seconds the computation should take.
:max_mem specifies the maximum number of bytes the computation may use. A value of 0 specifies no upper limit. The minimum is always 1 MB.
:max_memfrac specifies the maximum memory to use as a fraction of available resources. Any value equal to 0 or greater than 0.5 will result in 0.5 being used.
The scrypt key derivation function is designed to be far more secure against hardware brute-force attacks than alternative functions such as PBKDF2 or bcrypt. The designers of scrypt estimate that on modern (2009) hardware, if 5 seconds are spent computing a derived key, the cost of a hardware brute-force attack against scrypt is roughly 4000 times greater than the cost of a similar attack against bcrypt (to find the same password), and 20000 times greater than a similar attack against PBKDF2.
Default options will result in a calculation time of approx. 200 ms with 1 MB memory use.
Example:
@password = SCrypt::Password.create("my secret", :max_time => 0.25)
# File 'lib/scrypt.rb', line 136
def create(secret, options = {})
  options = SCrypt::Engine::DEFAULTS.merge(options)
  # the salt string also carries the chosen cost parameters
  salt = SCrypt::Engine.generate_salt(options)
  hash = SCrypt::Engine.hash_secret(secret, salt)
  Password.new(hash)
end
Instance Method Details
- (Object) ==(secret) Also known as: is_password?
Compares a potential secret against the hash. Returns true if the secret is the original secret, false otherwise.
# File 'lib/scrypt.rb', line 155
def ==(secret)
  # re-derive with the stored cost and salt, then compare the full strings (String#==)
  super(SCrypt::Engine.hash_secret(secret, @cost + @salt))
end
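The stored layout "cost$salt$hash" shown in the overview, and the create/== round trip above, worked through as an added stand-alone example. This is not the gem's code: it re-implements the split and comparison on top of OpenSSL::KDF.scrypt, and assumes (as the "2000$8$1$" prefix suggests) that the three leading fields are N in hex, r and p, with the salt stored as hex.

```ruby
require "openssl"
require "securerandom"

# Added illustration of the cost$salt$hash format; not the scrypt gem's own code.
# Assumed layout: "<N hex>$<r>$<p>$<salt hex>$<derived key hex>".
STORED_HASH_RE = /\A[0-9a-f]+\$\d+\$\d+\$[0-9a-f]{16,64}\$[0-9a-f]{32,128}\z/

module ToyScrypt
  module_function

  # Mirror of the page's split_hash: [cost_prefix, salt, hash]. The cost prefix
  # keeps its trailing "$" so that cost + salt rebuilds the derivation input.
  def split_hash(stored)
    n, r, p, salt, hash = stored.split("$")
    ["#{n}$#{r}$#{p}$", salt, hash]
  end

  def valid_hash?(stored)
    stored.is_a?(String) && STORED_HASH_RE.match?(stored)
  end

  # Counterpart of Engine.hash_secret(secret, cost + salt): read N, r, p and the
  # salt from the prefix, derive a 20-byte key and append it as hex.
  def hash_secret(secret, cost_and_salt)
    n_hex, r, p, salt_hex = cost_and_salt.split("$")
    key = OpenSSL::KDF.scrypt(secret, salt: [salt_hex].pack("H*"),
                              N: n_hex.to_i(16), r: r.to_i, p: p.to_i, length: 20)
    "#{cost_and_salt}$#{key.unpack1('H*')}"
  end

  # Counterpart of Password.create: fresh random salt, parameters baked into the string.
  def create(secret, n: 0x2000, r: 8, p: 1)
    hash_secret(secret, "#{n.to_s(16)}$#{r}$#{p}$#{SecureRandom.hex(20)}")
  end

  # Counterpart of Password#==: re-derive with the stored cost and salt, compare whole strings.
  def password?(stored, secret)
    raise ArgumentError, "invalid hash" unless valid_hash?(stored)
    cost, salt, _hash = split_hash(stored)
    hash_secret(secret, cost + salt) == stored
  end
end
```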