X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/ef7f3d800cbdd49b692df10d312e5fd880e2e938..3ba77dbaf4f6d1e5ceb11dcc645610e69b1cf0d4:/lib/password_hash.rb?ds=inline diff --git a/lib/password_hash.rb b/lib/password_hash.rb index fe618ba7a..afea82c11 100644 --- a/lib/password_hash.rb +++ b/lib/password_hash.rb @@ -6,8 +6,8 @@ require "digest/md5" module PasswordHash SALT_BYTE_SIZE = 32 HASH_BYTE_SIZE = 32 - PBKDF2_ITERATIONS = 1000 - DIGEST_ALGORITHM = "sha512" + PBKDF2_ITERATIONS = 10000 + DIGEST_ALGORITHM = "sha512".freeze def self.create(password) salt = SecureRandom.base64(SALT_BYTE_SIZE) @@ -18,7 +18,7 @@ module PasswordHash def self.check(hash, salt, candidate) if salt.nil? candidate = Digest::MD5.hexdigest(candidate) - elsif salt =~ /!/ + elsif salt.include?("!") algorithm, iterations, salt = salt.split("!") size = Base64.strict_decode64(hash).length candidate = self.hash(candidate, salt, iterations.to_i, size, algorithm) @@ -32,7 +32,7 @@ module PasswordHash def self.upgrade?(hash, salt) if salt.nil? return true - elsif salt =~ /!/ + elsif salt.include?("!") algorithm, iterations, salt = salt.split("!") return true if Base64.strict_decode64(salt).length != SALT_BYTE_SIZE return true if Base64.strict_decode64(hash).length != HASH_BYTE_SIZE @@ -45,8 +45,6 @@ module PasswordHash false end - private - def self.hash(password, salt, iterations, size, algorithm) digest = OpenSSL::Digest.new(algorithm) pbkdf2 = OpenSSL::PKCS5.pbkdf2_hmac(password, salt, iterations, size, digest)