git ssb - dangerousbeans/%aPBe2k3ugtjBr4rrsU1…@460036059ec11b39706019801d8744daa2998a69

📄	CHANGELOG
📄	COPYING
📄	README
📄	Rakefile
📁	ext
📁	lib
📁	spec

README

1 = bcrypt-ruby
2 
3 An easy way to keep your users' passwords secure.
4 
5 == Why you should use bcrypt
6 
7 If you store user passwords in the clear, then an attacker who steals a copy of your database has a giant list of emails
8 and passwords. Some of your users will only have one password -- for their email account, for their banking account, for
9 your application. A simple hack could escalate into massive identity theft.
10 
11 It's your responsibility as a web developer to make your web application secure -- blaming your users for not being
12 security experts is not a professional response to risk.
13 
14 bcrypt allows you to easily harden your application against these kinds of attacks.
15 
16 == How to install bcrypt
17 
18   sudo gem install bcrypt-ruby
19   
20 You'll need a working compiler. (Win32 folks should use Cygwin or um, something else.)
21 
22 == How to use bcrypt in your Rails application
23 
24 === The +User+ model
25 
26   require 'bcrypt'
27   
28   class User < ActiveRecord::Base
29     # users.hash in the database is a :string
30     include BCrypt
31     
32     def password
33       @password ||= Password.new(hash)
34     end
35     
36     def password=(new_password)
37       @password = Password.create(new_password)
38       self.hash = @password
39     end
40     
41   end
42 
43 === Creating an account
44 
45   def create
46     @user = User.new(params[:user])
47     @user.password = params[:password]
48     @user.save!
49   end
50 
51 === Authenticating a user
52 
53   def login
54     @user = User.find_by_email(params[:email])
55     if @user.password == params[:password]
56       give_token
57     else
58       redirect_to home_url
59     end
60   end
61 
62 === If a user forgets their password?
63 
64   # assign them a random one and mail it to them, asking them to change it
65   def forgot_password
66     @user = User.find_by_email(params[:email])
67     random_password = Array.new(10).map { (65 + rand(58)).chr }.join
68     @user.password = random_password
69     @user.save!
70     Mailer.create_and_deliver_password_change(@user, random_password)
71   end
72 
73 == How to use bcrypt-ruby in general
74 
75   require 'bcrypt'
76   
77   my_password = BCrypt::Password.create("my password") #=> "$2a$10$vI8aWBnW3fID.ZQ4/zo1G.q1lRps.9cGLcZEiGDMVr5yUP1KUOYTa"
78   
79   my_password.version              #=> "2a"
80   my_password.cost                 #=> 10
81   my_password == "my password"     #=> true
82   my_password == "not my password" #=> false
83   
84   my_password = BCrypt::Password.new("$2a$10$vI8aWBnW3fID.ZQ4/zo1G.q1lRps.9cGLcZEiGDMVr5yUP1KUOYTa")
85   my_password == "my password"     #=> true
86   my_password == "not my password" #=> false
87 
88 Check the rdocs for more details -- BCrypt, BCrypt::Password.
89 
90 == How bcrypt() works
91 
92 bcrypt() is a hashing algorithm designed by Niels Provos and David Mazières of the OpenBSD Project.
93 
94 Hash algorithms take a chunk of data (e.g., your user's password) and create a "digital fingerprint," or hash, of it.
95 Because this process is not reversible, there's no way to go from the hash back to the password.
96 
97 In other words:
98 
99   hash(p) #=> <unique gibberish>
100 
101 You can store the hash and check it against a hash made of a potentially valid password:
102 
103   <unique gibberish> =? hash(just_entered_password)
104 
105 But even this has weaknesses -- attackers can just run lists of possible passwords through the same algorithm, store the
106 results in a big database, and then look up the passwords by their hash:
107 
108   PrecomputedPassword.find_by_hash(<unique gibberish>).password #=> "secret1"
109 
110 The solution to this is to add a small chunk of random data -- called a salt -- to the password before it's hashed:
111 
112   hash(salt + p) #=> <really unique gibberish>
113 
114 The salt is then stored along with the hash in the database, and used to check potentially valid passwords:
115 
116   <really unique gibberish> =? hash(salt + just_entered_password)
117   
118 bcrypt-ruby automatically handles the storage and generation of these salts for you.
119 
120 Adding a salt means that an attacker has to have a gigantic database for each unique salt -- for a salt made of 4
121 letters, that's 456,976 different databases. Pretty much no one has that much storage space, so attackers try a
122 different, slower method -- throw a list of potential passwords at each individual password:
123 
124   hash(salt + "aadvark") =? <really unique gibberish>
125   hash(salt + "abacus")  =? <really unique gibberish>
126   etc.
127   
128 This is much slower than the big database approach, but most hash algorithms are pretty quick -- and therein lies the
129 problem. Hash algorithms aren't usually designed to be slow, they're designed to turn gigabytes of data into secure
130 fingerprints as quickly as possible. bcrypt(), though, is designed to be computationally expensive:
131 
132   Ten thousand iterations:
133                user     system      total        real
134   md5      0.070000   0.000000   0.070000 (  0.070415)
135   bcrypt  22.230000   0.080000  22.310000 ( 22.493822)
136 
137 If an attacker was using Ruby to check each password, they could check ~140,000 passwords a second with MD5 but only
138 ~450 passwords a second with bcrypt().
139 
140 In addition, bcrypt() allows you to increase the amount of work required to hash a password as computers get faster. Old
141 passwords will still work fine, but new passwords can keep up with the times.
142 
143 bcrypt() is currently used as the default password storage hash in OpenBSD, widely regarded as the most secure operating
144 system available. 
145 
146 
147 For a more technical explanation of the algorithm and its design criteria, please read Niels Provos and David Mazières'
148 Usenix99 paper:
149 http://www.usenix.org/events/usenix99/provos.html
150 
151 If you'd like more down-to-earth advice regarding cryptography, I suggest reading <i>Practical Cryptography</i> by Niels
152 Ferguson and Bruce Schneier:
153 http://www.schneier.com/book-practical.html
154 
155 = Etc
156 
157 Author  :: Coda Hale <coda.hale@gmail.com>
158 Website :: http://blog.codahale.com
159

Built with git-ssb-web

1	= bcrypt-ruby
2
3	An easy way to keep your users' passwords secure.
4
5	== Why you should use bcrypt
6
7	If you store user passwords in the clear, then an attacker who steals a copy of your database has a giant list of emails
8	and passwords. Some of your users will only have one password -- for their email account, for their banking account, for
9	your application. A simple hack could escalate into massive identity theft.
10
11	It's your responsibility as a web developer to make your web application secure -- blaming your users for not being
12	security experts is not a professional response to risk.
13
14	bcrypt allows you to easily harden your application against these kinds of attacks.
15
16	== How to install bcrypt
17
18	sudo gem install bcrypt-ruby
19
20	You'll need a working compiler. (Win32 folks should use Cygwin or um, something else.)
21
22	== How to use bcrypt in your Rails application
23
24	=== The +User+ model
25
26	require 'bcrypt'
27
28	class User < ActiveRecord::Base
29	# users.hash in the database is a :string
30	include BCrypt
31
32	def password
33	@password \|\|= Password.new(hash)
34	end
35
36	def password=(new_password)
37	@password = Password.create(new_password)
38	self.hash = @password
39	end
40
41	end
42
43	=== Creating an account
44
45	def create
46	@user = User.new(params[:user])
47	@user.password = params[:password]
48	@user.save!
49	end
50
51	=== Authenticating a user
52
53	def login
54	@user = User.find_by_email(params[:email])
55	if @user.password == params[:password]
56	give_token
57	else
58	redirect_to home_url
59	end
60	end
61
62	=== If a user forgets their password?
63
64	# assign them a random one and mail it to them, asking them to change it
65	def forgot_password
66	@user = User.find_by_email(params[:email])
67	random_password = Array.new(10).map { (65 + rand(58)).chr }.join
68	@user.password = random_password
69	@user.save!
70	Mailer.create_and_deliver_password_change(@user, random_password)
71	end
72
73	== How to use bcrypt-ruby in general
74
75	require 'bcrypt'
76
77	my_password = BCrypt::Password.create("my password") #=> "$2a$10$vI8aWBnW3fID.ZQ4/zo1G.q1lRps.9cGLcZEiGDMVr5yUP1KUOYTa"
78
79	my_password.version #=> "2a"
80	my_password.cost #=> 10
81	my_password == "my password" #=> true
82	my_password == "not my password" #=> false
83
84	my_password = BCrypt::Password.new("$2a$10$vI8aWBnW3fID.ZQ4/zo1G.q1lRps.9cGLcZEiGDMVr5yUP1KUOYTa")
85	my_password == "my password" #=> true
86	my_password == "not my password" #=> false
87
88	Check the rdocs for more details -- BCrypt, BCrypt::Password.
89
90	== How bcrypt() works
91
92	bcrypt() is a hashing algorithm designed by Niels Provos and David Mazières of the OpenBSD Project.
93
94	Hash algorithms take a chunk of data (e.g., your user's password) and create a "digital fingerprint," or hash, of it.
95	Because this process is not reversible, there's no way to go from the hash back to the password.
96
97	In other words:
98
99	hash(p) #=> <unique gibberish>
100
101	You can store the hash and check it against a hash made of a potentially valid password:
102
103	<unique gibberish> =? hash(just_entered_password)
104
105	But even this has weaknesses -- attackers can just run lists of possible passwords through the same algorithm, store the
106	results in a big database, and then look up the passwords by their hash:
107
108	PrecomputedPassword.find_by_hash(<unique gibberish>).password #=> "secret1"
109
110	The solution to this is to add a small chunk of random data -- called a salt -- to the password before it's hashed:
111
112	hash(salt + p) #=> <really unique gibberish>
113
114	The salt is then stored along with the hash in the database, and used to check potentially valid passwords:
115
116	<really unique gibberish> =? hash(salt + just_entered_password)
117
118	bcrypt-ruby automatically handles the storage and generation of these salts for you.
119
120	Adding a salt means that an attacker has to have a gigantic database for each unique salt -- for a salt made of 4
121	letters, that's 456,976 different databases. Pretty much no one has that much storage space, so attackers try a
122	different, slower method -- throw a list of potential passwords at each individual password:
123
124	hash(salt + "aadvark") =? <really unique gibberish>
125	hash(salt + "abacus") =? <really unique gibberish>
126	etc.
127
128	This is much slower than the big database approach, but most hash algorithms are pretty quick -- and therein lies the
129	problem. Hash algorithms aren't usually designed to be slow, they're designed to turn gigabytes of data into secure
130	fingerprints as quickly as possible. bcrypt(), though, is designed to be computationally expensive:
131
132	Ten thousand iterations:
133	user system total real
134	md5 0.070000 0.000000 0.070000 ( 0.070415)
135	bcrypt 22.230000 0.080000 22.310000 ( 22.493822)
136
137	If an attacker was using Ruby to check each password, they could check ~140,000 passwords a second with MD5 but only
138	~450 passwords a second with bcrypt().
139
140	In addition, bcrypt() allows you to increase the amount of work required to hash a password as computers get faster. Old
141	passwords will still work fine, but new passwords can keep up with the times.
142
143	bcrypt() is currently used as the default password storage hash in OpenBSD, widely regarded as the most secure operating
144	system available.
145
146
147	For a more technical explanation of the algorithm and its design criteria, please read Niels Provos and David Mazières'
148	Usenix99 paper:
149	http://www.usenix.org/events/usenix99/provos.html
150
151	If you'd like more down-to-earth advice regarding cryptography, I suggest reading <i>Practical Cryptography</i> by Niels
152	Ferguson and Bruce Schneier:
153	http://www.schneier.com/book-practical.html
154
155	= Etc
156
157	Author :: Coda Hale <coda.hale@gmail.com>
158	Website :: http://blog.codahale.com
159

dangerousbeans / %aPBe2k3ugtjBr4rrsU1…