Increase password stretching to 10000 interations
authorTom Hughes <tom@compton.nu>
Fri, 25 Nov 2016 08:54:57 +0000 (08:54 +0000)
committerTom Hughes <tom@compton.nu>
Fri, 25 Nov 2016 08:54:57 +0000 (08:54 +0000)
This is in line with current recommendations from various sources.

lib/password_hash.rb
test/lib/password_hash_test.rb

index 4faac4da858ac2c7fbcd997cb91d9a0079b7ed92..c65df2c4fd7fc070496cf8dac2c5851e3e12f25a 100644 (file)
@@ -6,7 +6,7 @@ require "digest/md5"
 module PasswordHash
   SALT_BYTE_SIZE = 32
   HASH_BYTE_SIZE = 32
-  PBKDF2_ITERATIONS = 1000
+  PBKDF2_ITERATIONS = 10000
   DIGEST_ALGORITHM = "sha512".freeze
 
   def self.create(password)
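Review bot: The raised `PBKDF2_ITERATIONS` on the `+` line carries no comment saying that it governs only newly created hashes, while hashes already stored keep the count embedded in their own salt string and are reported by upgrade? (the accompanying test hunk in test/lib/password_hash_test.rb relies on exactly that, expecting upgrade? to be true for a `sha512!1000!` salt and false for `sha512!10000!`). A one-line comment such as `# Work factor for newly created hashes; stored hashes carry their own count in the salt, so raising this only takes effect as users re-authenticate and are upgraded` would make the migration path explicit to the next person who bumps it. It would also help to record which recommendation and date the 10000 figure came from, since the description cites "current recommendations" without naming them and the value will need revisiting. Each check() call now does ten times the PBKDF2 work it did before, so the effect on authentication latency and on any login rate limiting is worth confirming, though neither is visible here. `self.create` begins on the hunk's last context line and continues outside it.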
index c481cc767d0933ce2904d586e9357091da3648ab..6f54a0d7adb276130b960d13e0364ee51ba9a1b6 100644 (file)
@@ -14,6 +14,20 @@ class PasswordHashTest < ActiveSupport::TestCase
     assert_equal true, PasswordHash.upgrade?("67a1e09bb1f83f5007dc119c14d663aa", "salt")
   end
 
+  def test_pbkdf2_1000_32_sha512
+    assert_equal true, PasswordHash.check("ApT/28+FsTBLa/J8paWfgU84SoRiTfeY8HjKWhgHy08=", "sha512!1000!HR4z+hAvKV2ra1gpbRybtoNzm/CNKe4cf7bPKwdUNrk=", "password")
+    assert_equal false, PasswordHash.check("ApT/28+FsTBLa/J8paWfgU84SoRiTfeY8HjKWhgHy08=", "sha512!1000!HR4z+hAvKV2ra1gpbRybtoNzm/CNKe4cf7bPKwdUNrk=", "wrong")
+    assert_equal false, PasswordHash.check("ApT/28+FsTBLa/J8paWfgU84SoRiTfeY8HjKWhgHy08=", "sha512!1000!HR4z+hAvKV2ra1gwrongtoNzm/CNKe4cf7bPKwdUNrk=", "password")
+    assert_equal true, PasswordHash.upgrade?("ApT/28+FsTBLa/J8paWfgU84SoRiTfeY8HjKWhgHy08=", "sha512!1000!HR4z+hAvKV2ra1gpbRybtoNzm/CNKe4cf7bPKwdUNrk=")
+  end
+
+  def test_pbkdf2_10000_32_sha512
+    assert_equal true, PasswordHash.check("3wYbPiOxk/tU0eeIDjUhdvi8aDP3AbFtwYKKxF1IhGg=", "sha512!10000!OUQLgtM7eD8huvanFT5/WtWaCwdOdrir8QOtFwxhO0A=", "password")
+    assert_equal false, PasswordHash.check("3wYbPiOxk/tU0eeIDjUhdvi8aDP3AbFtwYKKxF1IhGg=", "sha512!10000!OUQLgtM7eD8huvanFT5/WtWaCwdOdrir8QOtFwxhO0A=", "wrong")
+    assert_equal false, PasswordHash.check("3wYbPiOxk/tU0eeIDjUhdvi8aDP3AbFtwYKKxF1IhGg=", "sha512!10000!OUQLgtMwronguvanFT5/WtWaCwdOdrir8QOtFwxhO0A=", "password")
+    assert_equal false, PasswordHash.upgrade?("3wYbPiOxk/tU0eeIDjUhdvi8aDP3AbFtwYKKxF1IhGg=", "sha512!10000!OUQLgtM7eD8huvanFT5/WtWaCwdOdrir8QOtFwxhO0A=")
+  end
+
   def test_default
     hash1, salt1 = PasswordHash.create("password")
     hash2, salt2 = PasswordHash.create("password")
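Review bot: Neither added test exercises `PasswordHash.create`, so a regression that silently left `PBKDF2_ITERATIONS` at 1000 would still pass both `test_pbkdf2_1000_32_sha512` and `test_pbkdf2_10000_32_sha512`; the fixed vectors only show that check() honours whatever count is encoded in the salt it is handed. `test_default` starts on the last context lines and continues outside the hunk, so it may already cover this; if it does not, something like `hash, salt = PasswordHash.create("password")` followed by `assert_equal false, PasswordHash.upgrade?(hash, salt)` would pin the new default without hard-coding the count, and `assert_match(/\Asha512!10000!/, salt)` would pin it directly, assuming create emits the same `sha512!<iterations>!<salt>` format the fixtures use. The known-answer vectors themselves are worth keeping even after the next bump, since they tie the derivation to concrete outputs and would catch a change in digest, output length or encoding.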