
argon2-simple


  • 0.0.2
  • Rubygems
  • Maintainers: 1

Argon2::Simple

Argon2::Simple provides a wrapper around Argon2. Argon2::Simple simplifies the process of creating password hashes and checking submitted passwords against those hashes.

To hash a password, use the hash method:

pw_clear = 'my password'
hashed = Argon2::Simple.hash(pw_clear)
puts hashed  # => $argon2i$v=19$m=65536,t=2,p=1$K4BXPfBeuZSnqxia/abuRQ$0+jibsWcClNY+HHSXxQlsEi/RboEScY8XM5mh4ehFlA

To check a submitted password against the hash, use the check method:

# check against clear password
puts Argon2::Simple.check(pw_clear, hashed) # => true

# check against incorrect password
puts Argon2::Simple.check('whatever', hashed) # => false

Argon2 is one of the most secure hashing algorithms in the world, and by design it is also one of the slowest. To speed things up, Argon2::Simple caches successful password checks. This benefits applications that tend to get the same successful passwords repeatedly, such as a web site that stores an authentication token in a cookie.

By default, Argon2::Simple caches the last 100 successful passwords. You can change that limit with the reset method. So, for example, to set it to 1,000:

Argon2::Simple.reset 1000

To turn off caching, reset with 0:

Argon2::Simple.reset 0

The following test shows the advantage of caching. The test is run first with the default caching of 100, then with no caching.

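require 'benchmark'  # standard library; provides Benchmark.measure

# Hash one password, then time 100 checks of it against that hash.
def tester
  pw_clear = 'my password'
  hashed = Argon2::Simple.hash(pw_clear)

  puts Benchmark.measure {
    100.times do
      Argon2::Simple.check(pw_clear, hashed)
    end
  }
end

tester()                # run with default cache
Argon2::Simple.reset 0  # turn off caching
tester()                # run without cache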

That produces benchmark output something like this:

 0.210000   0.050000   0.260000 (  0.277293)
22.040000   4.240000  26.280000 ( 26.440273)

So for just 100 checks, the system CPU time (the second column) went from about 1/20 of a second to over 4 seconds, and the elapsed time (in parentheses) went from about 0.28 seconds to over 26 seconds. Obviously, if your application tends to get a lot of incorrect passwords then the cache doesn't help. I'm thinking of adding the feature that it can also cache unsuccessful authentication attempts. Let me know if that would be helpful.
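
One way a bounded cache of successful checks can be built, added here as an example; it is not Argon2::Simple's own code, and the page does not describe how the gem stores its cached entries. `CheckCache` and its method names are hypothetical, and PBKDF2 from Ruby's openssl library stands in for Argon2 so the block runs without extra gems.

```ruby
require 'openssl'
require 'securerandom'

# Added example; CheckCache and its methods are hypothetical names.
# Stand-in slow verifier: PBKDF2-HMAC-SHA256 (assumption, not Argon2).
class CheckCache
  ITERATIONS = 20_000 # kept low so the example runs quickly
  attr_reader :slow_calls

  def initialize(limit = 100)
    @limit = limit
    @key = SecureRandom.random_bytes(32) # per-process key, never persisted
    @hits = {}                           # insertion-ordered, oldest first
    @slow_calls = 0
  end

  def hash_password(pw)
    salt = SecureRandom.random_bytes(16)
    "#{salt.unpack1('H*')}$#{derive(pw, salt).unpack1('H*')}"
  end

  def check(pw, hashed)
    # The tag binds the password to one stored hash, so a changed hash
    # misses the cache. A keyed MAC keeps the cleartext out of the cache;
    # the key lives in the same process, so a memory dump still permits
    # fast guessing against the tags.
    tag = OpenSSL::HMAC.digest('SHA256', @key, "#{hashed}\0#{pw}")
    if @hits.delete(tag)
      @hits[tag] = true # re-insert: mark as most recently used
      return true
    end
    @slow_calls += 1
    salt_hex, dk_hex = hashed.split('$', 2)
    ok = OpenSSL.secure_compare(derive(pw, [salt_hex.to_s].pack('H*')),
                                [dk_hex.to_s].pack('H*'))
    if ok # failed checks are never cached
      @hits[tag] = true
      @hits.shift while @hits.size > @limit # evict oldest; limit 0 = no cache
    end
    ok
  end

  private

  def derive(pw, salt)
    OpenSSL::KDF.pbkdf2_hmac(pw, salt: salt, iterations: ITERATIONS,
                             length: 32, hash: 'SHA256')
  end
end
```

`slow_calls` counts how often the expensive derivation actually ran, which makes the effect of the cache limit visible without timing anything.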

Install

gem install argon2-simple

Author

Mike O'Sullivan mike@idocs.com

History

version | date | notes
0.0.2 | Nov 10, 2018 | Initial upload.

Package last updated on 11 Nov 2018
