2013-03-06 20:12:16 +08:00
|
|
|
# Note: the pbkdf2 gem is bust on 2.0, the logic is so simple I am not sure it makes sense to have this in a gem atm (Sam)
|
|
|
|
#
|
|
|
|
# Also PBKDF2 monkey patches string ... don't like that at all
|
|
|
|
#
|
2013-07-23 09:36:01 +08:00
|
|
|
# Happy to move back to PBKDF2 ruby gem provided:
|
2013-03-06 20:12:16 +08:00
|
|
|
#
|
|
|
|
# 1. It works on Ruby 2.0
|
2013-07-23 09:36:01 +08:00
|
|
|
# 2. It works on 1.9.3
|
2013-03-06 20:12:16 +08:00
|
|
|
# 3. It does not monkey patch string
|
|
|
|
|
|
|
|
require 'openssl'
|
2013-03-08 21:54:40 +08:00
|
|
|
require 'xor'
|
2013-03-06 20:12:16 +08:00
|
|
|
|
|
|
|
class Pbkdf2
|
|
|
|
|
2013-07-23 09:36:01 +08:00
|
|
|
def self.hash_password(password, salt, iterations, algorithm = "sha256")
|
|
|
|
|
|
|
|
h = OpenSSL::Digest::Digest.new(algorithm)
|
|
|
|
|
2013-03-06 20:12:16 +08:00
|
|
|
u = ret = prf(h, password, salt + [1].pack("N"))
|
|
|
|
|
2013-07-23 09:36:01 +08:00
|
|
|
2.upto(iterations) do
|
2013-03-06 20:12:16 +08:00
|
|
|
u = prf(h, password, u)
|
2013-07-23 09:36:01 +08:00
|
|
|
ret.xor!(u)
|
2013-03-06 20:12:16 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
ret.bytes.map{|b| ("0" + b.to_s(16))[-2..-1]}.join("")
|
|
|
|
end
|
|
|
|
|
2013-07-23 09:36:01 +08:00
|
|
|
protected
|
2013-03-06 20:12:16 +08:00
|
|
|
|
2013-03-08 21:54:40 +08:00
|
|
|
# fallback xor in case we need it for jruby ... way slower
|
2013-03-06 20:12:16 +08:00
|
|
|
def self.xor(x,y)
|
|
|
|
x.bytes.zip(y.bytes).map{|x,y| x ^ y}.pack('c*')
|
|
|
|
end
|
|
|
|
|
|
|
|
def self.prf(hash_function, password, data)
|
|
|
|
OpenSSL::HMAC.digest(hash_function, password, data)
|
|
|
|
end
|
|
|
|
|
|
|
|
end
|