9 PBKDF2_ITERATIONS = 1000
10 DIGEST_ALGORITHM = "sha512"
12 def self.create(password)
13 salt = SecureRandom.base64(SALT_BYTE_SIZE)
14 hash = self.hash(password, salt, PBKDF2_ITERATIONS, HASH_BYTE_SIZE, DIGEST_ALGORITHM)
15 return hash, [DIGEST_ALGORITHM, PBKDF2_ITERATIONS, salt].join("!")
18 def self.check(hash, salt, candidate)
20 candidate = Digest::MD5.hexdigest(candidate)
22 algorithm, iterations, salt = salt.split("!")
23 size = Base64.strict_decode64(hash).length
24 candidate = self.hash(candidate, salt, iterations.to_i, size, algorithm)
26 candidate = Digest::MD5.hexdigest(salt + candidate)
29 return hash == candidate
32 def self.upgrade?(hash, salt)
36 algorithm, iterations, salt = salt.split("!")
37 return true if Base64.strict_decode64(salt).length != SALT_BYTE_SIZE
38 return true if Base64.strict_decode64(hash).length != HASH_BYTE_SIZE
39 return true if iterations.to_i != PBKDF2_ITERATIONS
40 return true if algorithm != DIGEST_ALGORITHM
50 def self.hash(password, salt, iterations, size, algorithm)
51 digest = OpenSSL::Digest.new(algorithm)
52 pbkdf2 = OpenSSL::PKCS5::pbkdf2_hmac(password, salt, iterations, size, digest)
53 Base64.strict_encode64(pbkdf2)