bcrypt-ruby / bcrypt-ruby Goto Github PK

bcrypt-ruby is a Ruby binding for the OpenBSD bcrypt() password hashing algorithm, allowing you to easily store a secure hash of your users' passwords.

License: Other

Ruby 22.60% Java 29.73% C 44.57% Assembly 3.10%

bcrypt-ruby's Introduction

bcrypt-ruby

An easy way to keep your users' passwords secure.

https://github.com/bcrypt-ruby/bcrypt-ruby/tree/master

Why you should use `bcrypt()`

If you store user passwords in the clear, then an attacker who steals a copy of your database has a giant list of emails and passwords. Some of your users will only have one password -- for their email account, for their banking account, for your application. A simple hack could escalate into massive identity theft.

It's your responsibility as a web developer to make your web application secure -- blaming your users for not being security experts is not a professional response to risk.

bcrypt() allows you to easily harden your application against these kinds of attacks.

Note: JRuby versions of the bcrypt gem <= 2.1.3 had a security vulnerability that was fixed in >= 2.1.4. If you used a vulnerable version to hash passwords with international characters in them, you will need to re-hash those passwords. This vulnerability only affected the JRuby gem.

How to install bcrypt

gem install bcrypt

The bcrypt gem is available on the following Ruby platforms:

JRuby
RubyInstaller 2.0 – 3.0 builds on Windows with the DevKit
Any 2.0 – 3.0 Ruby on a BSD/OS X/Linux system with a compiler

How to use `bcrypt()` in your Rails application

Note: Rails versions >= 3 ship with ActiveModel::SecurePassword which uses bcrypt-ruby. has_secure_password docs implements a similar authentication strategy to the code below.

The User model

require 'bcrypt'

class User < ActiveRecord::Base
  # users.password_hash in the database is a :string
  include BCrypt

  def password
    @password ||= Password.new(password_hash)
  end

  def password=(new_password)
    @password = Password.create(new_password)
    self.password_hash = @password
  end
end

Creating an account

def create
  @user = User.new(params[:user])
  @user.password = params[:password]
  @user.save!
end

Authenticating a user

def login
  @user = User.find_by_email(params[:email])
  if @user.password == params[:password]
    give_token
  else
    redirect_to home_url
  end
end

How to use bcrypt-ruby in general

require 'bcrypt'

my_password = BCrypt::Password.create("my password")
#=> "$2a$12$K0ByB.6YI2/OYrB4fQOYLe6Tv0datUVf6VZ/2Jzwm879BW5K1cHey"

my_password.version              #=> "2a"
my_password.cost                 #=> 12
my_password == "my password"     #=> true
my_password == "not my password" #=> false

my_password = BCrypt::Password.new("$2a$12$K0ByB.6YI2/OYrB4fQOYLe6Tv0datUVf6VZ/2Jzwm879BW5K1cHey")
my_password == "my password"     #=> true
my_password == "not my password" #=> false

Check the rdocs for more details -- BCrypt, BCrypt::Password.

How `bcrypt()` works

bcrypt() is a hashing algorithm designed by Niels Provos and David Mazières of the OpenBSD Project.

Background

Hash algorithms take a chunk of data (e.g., your user's password) and create a "digital fingerprint," or hash, of it. Because this process is not reversible, there's no way to go from the hash back to the password.

In other words:

hash(p) #=> <unique gibberish>

You can store the hash and check it against a hash made of a potentially valid password:

<unique gibberish> =? hash(just_entered_password)

Rainbow Tables

But even this has weaknesses -- attackers can just run lists of possible passwords through the same algorithm, store the results in a big database, and then look up the passwords by their hash:

PrecomputedPassword.find_by_hash(<unique gibberish>).password #=> "secret1"

Salts

The solution to this is to add a small chunk of random data -- called a salt -- to the password before it's hashed:

hash(salt + p) #=> <really unique gibberish>

The salt is then stored along with the hash in the database, and used to check potentially valid passwords:

<really unique gibberish> =? hash(salt + just_entered_password)

bcrypt-ruby automatically handles the storage and generation of these salts for you.

Adding a salt means that an attacker has to have a gigantic database for each unique salt -- for a salt made of 4 letters, that's 456,976 different databases. Pretty much no one has that much storage space, so attackers try a different, slower method -- throw a list of potential passwords at each individual password:

hash(salt + "aadvark") =? <really unique gibberish>
hash(salt + "abacus")  =? <really unique gibberish>
etc.

This is much slower than the big database approach, but most hash algorithms are pretty quick -- and therein lies the problem. Hash algorithms aren't usually designed to be slow, they're designed to turn gigabytes of data into secure fingerprints as quickly as possible. bcrypt(), though, is designed to be computationally expensive:

Ten thousand iterations:
             user     system      total        real
md5      0.070000   0.000000   0.070000 (  0.070415)
bcrypt  22.230000   0.080000  22.310000 ( 22.493822)

If an attacker was using Ruby to check each password, they could check ~140,000 passwords a second with MD5 but only ~450 passwords a second with bcrypt().

Cost Factors

In addition, bcrypt() allows you to increase the amount of work required to hash a password as computers get faster. Old passwords will still work fine, but new passwords can keep up with the times.

The default cost factor used by bcrypt-ruby is 12, which is fine for session-based authentication. If you are using a stateless authentication architecture (e.g., HTTP Basic Auth), you will want to lower the cost factor to reduce your server load and keep your request times down. This will lower the security provided you, but there are few alternatives.

To change the default cost factor used by bcrypt-ruby, use BCrypt::Engine.cost = new_value:

BCrypt::Password.create('secret').cost
  #=> 12, the default provided by bcrypt-ruby

# set a new default cost
BCrypt::Engine.cost = 8
BCrypt::Password.create('secret').cost
  #=> 8

The default cost can be overridden as needed by passing an options hash with a different cost:

BCrypt::Password.create('secret', :cost => 6).cost  #=> 6

More Information

bcrypt() is currently used as the default password storage hash in OpenBSD, widely regarded as the most secure operating system available.

For a more technical explanation of the algorithm and its design criteria, please read Niels Provos and David Mazières' Usenix99 paper: https://www.usenix.org/events/usenix99/provos.html

If you'd like more down-to-earth advice regarding cryptography, I suggest reading Practical Cryptography by Niels Ferguson and Bruce Schneier: https://www.schneier.com/book-practical.html

Etc

Author :: Coda Hale [email protected]
Website :: https://codahale.com

bcrypt-ruby's People

Contributors

Stargazers

Watchers

Forkers

genki hassox bgreenlee tmm1 timfel harley tenderlove bbhoss orderthruchaos cfis maglev elele mchorfa mferrier netk007 engineyard seanreichle tylerhunt jfirebaugh rking bf4 temojin jabley sergheim strategist922 jaseemabid trevorturk dorkusprime shivaaqua toddh barttenbrinke cjolly nhr407 garthsnyder prsimp morristech danielheath trevor jgrowl beefcake ramdevbaba oogabooga zsj2145676 jjoos hananamar pivotal-cloudplanner mileer vipulnsward bingwei dgolombek chibuisimaduka oscil8 sferik moofish32 reedloden gbarzola alnajar ccf19881030 kalyanibagale michaelwiss jaywengrow timproctor fullstackalexle bobzhen zhanglin00129 trelele mattwildig tingi davestevens akernizan nikeshkumarbk bagalekalyani zjucsxxd haileys hoyaboya hchood shin-ruby hamled josephmokenela jamistan songguang-2010 larskanis user512 glittershark jiamaozheng szow79 iankwok mahmudh nextideallc nathanmpark francisco974 joeygo23 railsmechanic ryanjho sachsy optionalg githubsud dago yukas pmniko

bcrypt-ruby's Issues

Compilation error on Mavericks

I get the following error when trying to install bcrypt via rubygems. From research it seems that it is because Apple messes with the C compiler on a regular basis and cause it to no longer recognize the argument. Apparently this issue is happing with other languages and is most likely because of XCode 5.1

Fetching: bcrypt-3.1.7.gem (100%)
Building native extensions.  This could take a while...
ERROR:  Error installing bcrypt-ruby:
    ERROR: Failed to build gem native extension.

    /System/Library/Frameworks/Ruby.framework/Versions/2.0/usr/bin/ruby extconf.rb
checking for ruby/util.h... yes
creating Makefile

make "DESTDIR="
compiling bcrypt_ext.c
compiling crypt.c
compiling crypt_blowfish.c
compiling crypt_gensalt.c
compiling wrapper.c
linking shared-object bcrypt_ext.bundle
clang: error: unknown argument: '-multiply_definedsuppress' [-Wunused-command-line-argument-hard-error-in-future]
clang: note: this will be a hard error (cannot be downgraded to a warning) in the future
make: *** [bcrypt_ext.bundle] Error 1


Gem files will remain installed in /Library/Ruby/Gems/2.0.0/gems/bcrypt-3.1.7 for inspection.
Results logged to /Library/Ruby/Gems/2.0.0/gems/bcrypt-3.1.7/ext/mri/gem_make.out

Release new version with Ruby 2.1 support in Windows fat-binary gem

Assigning this to myself, just making a note somewhere that it needs to be done.

https://github.com/tjschuck/rake-compiler-dev-box was just updated to support building Windows fat-binary gems with Ruby 2.1 -- I'll build a new version and push it out as soon as I get a chance.

undefined

"no such file to load -- bcrypt" - error by Phusion

Here is the error saying bcrypt was not loaded. The rails app is not using the Devise for authentication and gem bcrypt is not in Gemfile. Sometime, the webserver throws out the error saying spawn server can not start. gem list shows that both bcrypt-ruby 3.0.1 and 3.0.0 were installed.

Ruby (Rack) application could not be started
A source file that the application requires, is missing.

* 
  It is possible that you didn't upload your application files correctly. Please check whether all your application files are uploaded. 
* 
  A required library may not installed. Please install all libraries that this application requires.

Further information about the error may have been written to the application's log file. Please check it in order to analyse the problem.

Error message:
no such file to load -- bcrypt
Exception class:
LoadError
Application root:
/vol/www/emclab/current
Backtrace:
# File Line Location
0 /vol/www/emclab/shared/bundle/ruby/1.9.1/gems/activesupport-3.1.0/lib/active_support/dependencies.rb 240 in require' 1 /vol/www/emclab/shared/bundle/ruby/1.9.1/gems/activesupport-3.1.0/lib/active_support/dependencies.rb 240 inblock in require'
2 /vol/www/emclab/shared/bundle/ruby/1.9.1/gems/activesupport-3.1.0/lib/active_support/dependencies.rb 225 in load_dependency' 3 /vol/www/emclab/shared/bundle/ruby/1.9.1/gems/activesupport-3.1.0/lib/active_support/dependencies.rb 240 inrequire'
4 /vol/www/emclab/shared/bundle/ruby/1.9.1/gems/activemodel-3.1.0/lib/active_model/secure_password.rb 1 in ' 5 /vol/www/emclab/shared/bundle/ruby/1.9.1/gems/activerecord-3.1.0/lib/active_record/base.rb 2160 inblock in '
6 /vol/www/emclab/shared/bundle/ruby/1.9.1/gems/activerecord-3.1.0/lib/active_record/base.rb 2140 in class_eval' 7 /vol/www/emclab/shared/bundle/ruby/1.9.1/gems/activerecord-3.1.0/lib/active_record/base.rb 2140 in'
8 /vol/www/emclab/shared/bundle/ruby/1.9.1/gems/activerecord-3.1.0/lib/active_record/base.rb 31 in ' 9 /vol/www/emclab/shared/bundle/ruby/1.9.1/gems/activerecord-3.1.0/lib/active_record/session_store.rb 77 in'
10 /vol/www/emclab/shared/bundle/ruby/1.9.1/gems/activerecord-3.1.0/lib/active_record/session_store.rb 51 in ' 11 /vol/www/emclab/shared/bundle/ruby/1.9.1/gems/activerecord-3.1.0/lib/active_record/session_store.rb 1 in'
12 /vol/www/emclab/shared/bundle/ruby/1.9.1/gems/railties-3.1.0/lib/rails/application/configuration.rb 123 in `session_store'

cap deploy:check returns:
You appear to have all necessary dependencies installed

Any thoughts about the problem? thanks!

Installing of bcrypt-ruby on Mac OS X Leopard failed

Standard Ruby installation and xcode

Downloading bcrypt-ruby-2.1.2.gem
Installing bcrypt-ruby (2.1.2)
Building native extensions.  This could take a while...
ERROR:  While executing gem ... (Gem::Installer::ExtensionBuildError)
    ERROR: Failed to build gem native extension.

/System/Library/Frameworks/Ruby.framework/Versions/1.8/usr/bin/ruby extconf.rb
creating Makefile

make
gcc -Wall  -I. -I/System/Library/Frameworks/Ruby.framework/Versions/1.8/usr/lib/ruby/1.8/universal-darwin9.0 -I/System/Library/Frameworks/Ruby.framework/Versions/1.8/usr/lib/ruby/1.8/universal-darwin9.0 -I.  -fno-common -arch ppc -arch i386 -Os -pipe -fno-common  -c bcrypt.c
gcc -Wall  -I. -I/System/Library/Frameworks/Ruby.framework/Versions/1.8/usr/lib/ruby/1.8/universal-darwin9.0 -I/System/Library/Frameworks/Ruby.framework/Versions/1.8/usr/lib/ruby/1.8/universal-darwin9.0 -I.  -fno-common -arch ppc -arch i386 -Os -pipe -fno-common  -c bcrypt_ext.c
gcc -Wall  -I. -I/System/Library/Frameworks/Ruby.framework/Versions/1.8/usr/lib/ruby/1.8/universal-darwin9.0 -I/System/Library/Frameworks/Ruby.framework/Versions/1.8/usr/lib/ruby/1.8/universal-darwin9.0 -I.  -fno-common -arch ppc -arch i386 -Os -pipe -fno-common  -c blowfish.c
cc -arch ppc -arch i386 -pipe -bundle -undefined dynamic_lookup -o bcrypt_ext.bundle bcrypt.o bcrypt_ext.o blowfish.o -L. -L/System/Library/Frameworks/Ruby.framework/Versions/1.8/usr/lib -L. -arch ppc -arch i386    -lruby  -lpthread -ldl -lm  
collect2: ld terminated with signal 10 [Bus error]
collect2: ld terminated with signal 10 [Bus error]
lipo: can't open input file: /var/tmp//ccFtdnBu.out (No such file or directory)
make: *** [bcrypt_ext.bundle] Error 1

Gem files will remain installed in /Users/deepj/dev/integrity/vendor/gems/gems/bcrypt-ruby-2.1.2 for inspection.
Results logged to /Users/deepj/dev/integrity/vendor/gems/gems/bcrypt-ruby-2.1.2/ext/mri/gem_make.out

Rename gem to bcrypt

While the project name bcrypt-ruby makes perfect sense, the gem itself should simply be "bcrypt". The -ruby suffix is redundant.

Mysterious ruby_bcrypt() in ext/mri/bcrypt_ext.c

I don't see which of the included headers is supposed to define ruby_bcrypt() (called on line 27: https://github.com/codahale/bcrypt-ruby/blob/master/ext/mri/bcrypt_ext.c#L27 ). It's not ow-crypt.h, and I don't see anything as a child of ruby.h that would do it, either.

Then, when I go to compile it, I get this:

bcrypt_ext.c:(.text+0x37): undefined reference to `ruby_bcrypt'

I must be doing something very wrong, because I simply cannot conceive of where this function might be defined.

Thanks!
—☈

Security issue in secrets longer than 72 characters

Version info:

Linux 3.4.8-1-ARCH x86_64 GNU/Linux
ruby 1.9.3p194 (2012-04-20 revision 35410) [x86_64-linux]
bcrypt-ruby master (ef50fe960d4dc50eb1df76fbc18a312a43e5c07d) pulled from git://github.com/codahale/bcrypt-ruby.git

BCrypt::Password#== returns true even if only the first 72 characters of the secret are valid.

Example:

require 'bcrypt'
secret1 = ('a' * 72) + 'test'
secret2 = ('a' * 72) + 'fail'
crypted = BCrypt::Password.create(secret1)
p crypted == secret2 # => true

This may not seem really dangerous, but if somebody uses their own salting system in addition to BCrypt's (the secrets contain a salt as well), this can be an issue.

An example of a vulnerable system: let's say somebody uses BCrypt to hash (password + salt + pepper), where password is the user's password, salt is the 128 character long extra salt and pepper is a global value only available to application code. If the database gets hacked, the hacker does not have to get access to the source code of the application to get the pepper, because he only has to compute the first 80 characters, which eliminates the security factor of the pepper entirely.

Could not find bcrypt-ruby-3.0.1 in any of the sources (Bundler::GemNotFound)

Backtrace:

File Line Location

0 /home/ubuntu/.rvm/gems/ruby-1.9.3-p385@global/gems/bundler-1.2.4/lib/bundler/spec_set.rb 90 in block in materialize' 1 /home/ubuntu/.rvm/gems/ruby-1.9.3-p385@global/gems/bundler-1.2.4/lib/bundler/spec_set.rb 83 inmap!'
2 /home/ubuntu/.rvm/gems/ruby-1.9.3-p385@global/gems/bundler-1.2.4/lib/bundler/spec_set.rb 83 in materialize' 3 /home/ubuntu/.rvm/gems/ruby-1.9.3-p385@global/gems/bundler-1.2.4/lib/bundler/definition.rb 113 inspecs'
4 /home/ubuntu/.rvm/gems/ruby-1.9.3-p385@global/gems/bundler-1.2.4/lib/bundler/definition.rb 158 in specs_for' 5 /home/ubuntu/.rvm/gems/ruby-1.9.3-p385@global/gems/bundler-1.2.4/lib/bundler/definition.rb 147 inrequested_specs'
6 /home/ubuntu/.rvm/gems/ruby-1.9.3-p385@global/gems/bundler-1.2.4/lib/bundler/environment.rb 23 in requested_specs' 7 /home/ubuntu/.rvm/gems/ruby-1.9.3-p385@global/gems/bundler-1.2.4/lib/bundler/runtime.rb 11 insetup'
8 /home/ubuntu/.rvm/gems/ruby-1.9.3-p385@global/gems/bundler-1.2.4/lib/bundler.rb 116 in setup' 9 /home/ubuntu/.rvm/gems/ruby-1.9.3-p385/gems/passenger-3.0.19/lib/phusion_passenger/utils.rb 326 inprepare_app_process'
10 /home/ubuntu/.rvm/gems/ruby-1.9.3-p385/gems/passenger-3.0.19/lib/phusion_passenger/rack/application_spawner.rb 156 in block in initialize_server' 11 /home/ubuntu/.rvm/gems/ruby-1.9.3-p385/gems/passenger-3.0.19/lib/phusion_passenger/utils.rb 563 inreport_app_init_status'
12 /home/ubuntu/.rvm/gems/ruby-1.9.3-p385/gems/passenger-3.0.19/lib/phusion_passenger/rack/application_spawner.rb 154 in initialize_server' 13 /home/ubuntu/.rvm/gems/ruby-1.9.3-p385/gems/passenger-3.0.19/lib/phusion_passenger/abstract_server.rb 204 instart_synchronously'
14 /home/ubuntu/.rvm/gems/ruby-1.9.3-p385/gems/passenger-3.0.19/lib/phusion_passenger/abstract_server.rb 180 in start' 15 /home/ubuntu/.rvm/gems/ruby-1.9.3-p385/gems/passenger-3.0.19/lib/phusion_passenger/rack/application_spawner.rb 129 instart'
16 /home/ubuntu/.rvm/gems/ruby-1.9.3-p385/gems/passenger-3.0.19/lib/phusion_passenger/spawn_manager.rb 253 in block (2 levels) in spawn_rack_application' 17 /home/ubuntu/.rvm/gems/ruby-1.9.3-p385/gems/passenger-3.0.19/lib/phusion_passenger/abstract_server_collection.rb 132 inlookup_or_add'
18 /home/ubuntu/.rvm/gems/ruby-1.9.3-p385/gems/passenger-3.0.19/lib/phusion_passenger/spawn_manager.rb 246 in block in spawn_rack_application' 19 /home/ubuntu/.rvm/gems/ruby-1.9.3-p385/gems/passenger-3.0.19/lib/phusion_passenger/abstract_server_collection.rb 82 inblock in synchronize'
20 prelude> 10:in synchronize' 21 /home/ubuntu/.rvm/gems/ruby-1.9.3-p385/gems/passenger-3.0.19/lib/phusion_passenger/abstract_server_collection.rb 79 insynchronize'
22 /home/ubuntu/.rvm/gems/ruby-1.9.3-p385/gems/passenger-3.0.19/lib/phusion_passenger/spawn_manager.rb 244 in spawn_rack_application' 23 /home/ubuntu/.rvm/gems/ruby-1.9.3-p385/gems/passenger-3.0.19/lib/phusion_passenger/spawn_manager.rb 137 inspawn_application'
24 /home/ubuntu/.rvm/gems/ruby-1.9.3-p385/gems/passenger-3.0.19/lib/phusion_passenger/spawn_manager.rb 275 in handle_spawn_application' 25 /home/ubuntu/.rvm/gems/ruby-1.9.3-p385/gems/passenger-3.0.19/lib/phusion_passenger/abstract_server.rb 357 inserver_main_loop'
26 /home/ubuntu/.rvm/gems/ruby-1.9.3-p385/gems/passenger-3.0.19/lib/phusion_passenger/abstract_server.rb 206 in start_synchronously' 27 /home/ubuntu/.rvm/gems/ruby-1.9.3-p385/gems/passenger-3.0.19/helper-scripts/passenger-spawn-server 99 in'

Change BCrypt::Password#== to #=~

The #=~ (match) seems more semantically correct than #== (equal).

JRuby and MRI give incompatible results

Running the following code in MRI 1.9.3 and REE 1.8.7 returns true, while running in JRuby (1.6.7.2, 1.7.3, and 1.7.6, in both 1.8 and 1.9 modes) returns false

require 'rubygems'
require 'bcrypt'
require 'base64'
b64h = "BqvyJXQvnL3CKVd6pAv25giyYNEGXg4k5UOwkTeYXZo=\n"
password = "$2a$12$BaVII7NCCtTxF4BKdjPy2.IkvEG4X4/CRhDvmenQKm2r/6pIoW..q"
BCrypt::Password.new(password) == Base64.decode64(b64h)

I've run all the testcases from http://www.mindrot.org/projects/jBCrypt/ and they produce the same results on MRI and JRuby, so this isn't an across-the-board incompatibility, but something about password makes it unhappy. I haven't yet run this in other Bcrypt impls in other languages to see what they return.

BCrypt::Errors::InvalidSalt: invalid salt when moving data generated by 2.1.4 to 3.0.1

Hello,
I ran head-first into this issue this morning when migrating user data from an app that used bcrypt 2.1.4 to an app that uses bcrypt 3.0.1. It appears the old salts are 20 characters long while the salts generated by 3.0.1 are 29 characters. I'm not sure if there are other differences in format as well. I saw in the changelog that version 3.0.0 moved to a different underlying implementation and I wonder if that's the source issue?

At any rate, I can't seem to find any documentation for migrating salts to the current version. Any assistance would be greatly appreciated.

Thanks
Les

Unable to install gem on rails 3.1 Snow Leopard

Updating my bundle through bundle install leads to the following error:

Building native extensions. This could take a while...
ERROR: Error installing bcrypt-ruby:
ERROR: Failed to build gem native extension.

    /usr/local/rvm/rubies/ruby-1.9.2-p180/bin/ruby extconf.rb

creating Makefile

make
gcc -I. -I/usr/local/rvm/rubies/ruby-1.9.2-p180/include/ruby-1.9.1/x86_64-darwin10.7.0 -I/usr/local/rvm/rubies/ruby-1.9.2-p180/include/ruby-1.9.1/ruby/backward -I/usr/local/rvm/rubies/ruby-1.9.2-p180/include/ruby-1.9.1 -I. -D_XOPEN_SOURCE -D_DARWIN_C_SOURCE -fno-common -O3 -ggdb -Wextra -Wno-unused-parameter -Wno-parentheses -Wpointer-arith -Wwrite-strings -Wno-missing-field-initializers -Wshorten-64-to-32 -Wno-long-long -fno-common -pipe -o bcrypt_ext.o -c bcrypt_ext.c
In file included from /usr/local/rvm/rubies/ruby-1.9.2-p180/include/ruby-1.9.1/ruby.h:32,
from bcrypt_ext.c:1:
/usr/local/rvm/rubies/ruby-1.9.2-p180/include/ruby-1.9.1/ruby/ruby.h:108: error: size of array ‘ruby_check_sizeof_long’ is negative
/usr/local/rvm/rubies/ruby-1.9.2-p180/include/ruby-1.9.1/ruby/ruby.h:112: error: size of array ‘ruby_check_sizeof_voidp’ is negative
In file included from /usr/local/rvm/rubies/ruby-1.9.2-p180/include/ruby-1.9.1/ruby/intern.h:29,
from /usr/local/rvm/rubies/ruby-1.9.2-p180/include/ruby-1.9.1/ruby/ruby.h:1327,
from /usr/local/rvm/rubies/ruby-1.9.2-p180/include/ruby-1.9.1/ruby.h:32,
from bcrypt_ext.c:1:
/usr/local/rvm/rubies/ruby-1.9.2-p180/include/ruby-1.9.1/ruby/st.h:69: error: size of array ‘st_check_for_sizeof_st_index_t’ is negative
make: *** [bcrypt_ext.o] Error 1

Gem files will remain installed in /usr/local/rvm/gems/ruby-1.9.2-p180/gems/bcrypt-ruby-3.0.0 for inspection.
Results logged to /usr/local/rvm/gems/ruby-1.9.2-p180/gems/bcrypt-ruby-3.0.0/ext/mri/gem_make.out

I changed the architecture for the gcc compiler but it still failed.

Generated Makefile installing as root

Preventing me from using wycats bundler as I cannot bundle a bcrypt as a dependency.

ruby ext_conf generates a makefile with the following install lines:

INSTALL = /usr/bin/install -c -o root -g wheel
INSTALL_PROG = $(INSTALL) -m 0755
INSTALL_DATA = install -o root -g wheel -m 444

... but this all could be a problem with our FreeBSD setup... if so, sorry about the issue :)

Cheers,
Mike.

BCrypt::Engine.valid_salt? doesn't return true or false but 0 or nil

I noticed this while building an app using bcrypt. I went ahead and forked the gem to see how to make it return true or false. I have only managed to get my tests to pass when the salt is valid. When I put an invalid salt in the argument of the valid_salt? method, the tests fail.

Is the valid_salt? method supposed to return true or false? The comments in the code indicate so.

Additionally, I'd also like to find out why my tests aren't passing. If you have a moment, please check out my fork dyba/bcrypt-ruby to give me a heads up why my tests pass with a valid salt but fail with an invalid salt. The only line I added to the valid_salt? method was after the regular expression:

salt.nil? ? false : true

installation fails on debian squeeze

Arch: i686 (32 bits), Intel processor
OS: Debian GNU/Linux testing (Squeeze)
Kernel: 2.6.30-2-686
GCC version: gcc (Debian 4.4.4-8) 4.4.5 20100728 (prerelease)
build-essential installed: YES!

manu@joker:~$ sudo gem install bcrypt-ruby
Building native extensions. This could take a while...
ERROR: Error installing bcrypt-ruby:
ERROR: Failed to build gem native extension.

/usr/bin/ruby1.8 extconf.rb
extconf.rb:13:in `require': no such file to load -- mkmf (LoadError)
from extconf.rb:13

Gem files will remain installed in /var/lib/gems/1.8/gems/bcrypt-ruby-2.1.2 for inspection.
Results logged to /var/lib/gems/1.8/gems/bcrypt-ruby-2.1.2/ext/mri/gem_make.out
manu@joker:~$

In /var/lib/gems/1.8/gems/bcrypt-ruby-2.1.2/ext/mri/gem_make.out :

/usr/bin/ruby1.8 extconf.rb
extconf.rb:13:in `require': no such file to load -- mkmf (LoadError)

from extconf.rb:13

Unitialized constant Bcrypt::Pasword

I have a gem that depends on Bcrypt and because I do not check in the Gemfile.lock for my gems my CI server just started failing. This failure may be truly on our side, but when I went to trace down my dependencies I found bcrypt and bcrypt-ruby; via Ruby Gems the source code links both point to this repo. The gems on disk are obviously not the same.

Can you explain a little about what is going on with the dependency between bcrypt and bcrypt-ruby (specifically for the java impl)? Right now if I change my gemspec to force bcrypt-ruby 3.1.2 everything passes, obviously pessimistic includes grab the change you just released (which looks safe).

I am using jruby and verified the same behavior on 1.7.8 - 10

I will do some more digging into this and see if there is a bug on my side (there probably is something with a require that we were getting lucky with), but I wanted to open a thread in case other people find similar issue. I'm happy to move this to a discussion group if you like.

CAN NOT pass compiling in linuxmint 15

I just use gem install bcrypt-ruby,and there is the error log :

Building native extensions.  This could take a while...
ERROR:  Error installing bcrypt-ruby:
    ERROR: Failed to build gem native extension.

    /home/sergio/.rvm/rubies/ruby-2.0.0-p195/bin/ruby extconf.rb
creating Makefile

make
compiling wrapper.c
In file included from wrapper.c:27:0:
/home/sergio/.rvm/rubies/ruby-2.0.0-p195/include/ruby-2.0.0/ruby/backward/util.h:2:2: 警告： #warning use "ruby/util.h" instead of bare "util.h" [-Wcpp]
compiling crypt_blowfish.c
compiling bcrypt_ext.c
bcrypt_ext.c: 在函数‘bcrypt_wrapper’中:
bcrypt_ext.c:27:5: 警告： 隐式声明函数‘ruby_bcrypt’ [-Wimplicit-function-declaration]
bcrypt_ext.c: 在文件作用域：
bcrypt_ext.c:25:14: 警告： ‘bcrypt_wrapper’定义后未使用 [-Wunused-function]
compiling crypt.c
compiling crypt_gensalt.c
linking shared-object bcrypt_ext.so
/usr/bin/ld: errno: TLS definition in /lib/x86_64-linux-gnu/libc.so.6 section .tbss mismatches non-TLS reference in wrapper.o
/lib/x86_64-linux-gnu/libc.so.6: 无法读取符号: 错误的值
collect2: 错误： ld 返回 1
make: *** [bcrypt_ext.so] 错误 1

i google it ,but i'm not very sure about what cause it.

If you get an error such as this:  
/usr/bin/ld: errno: TLS definition in /lib/libc.so.6 section .tbss mismatches  
non-TLS reference in [...]  

What you need to do is this: open the appropriate makefile (i.e. in TKIGES), find the line DEFAULT_INCLUDES, and add -include /usr/include/errno.h to the end.  

This applies to gcc-3.3.6, at least.  

Bob

what can i do to fix this problem , need i change the makefile ?

Cost limiting not enforced in C extensions.

I noticed that using a very large cost with BCrypt::Password.create would not increase the runtime on MRI. When I tested this under JRuby, the Java Extensions would raise a "bad number of rounds" ArgumentError if the cost was over 31. The C extensions should have the same behavior as the Java Extensions.

Steps to Reproduce

require 'bcrypt'
require 'benchmark'

# base
puts Benchmark.measure { BCrypt::Password.create("hello", :cost => 10) }

# midpoint
puts Benchmark.measure { BCrypt::Password.create("hello", :cost => 32) }

# extreme
puts Benchmark.measure { BCrypt::Password.create("hello", :cost => (2 ** 30)) }

Actual Results

MRI

Base:
0.090000 0.000000 0.090000 ( 0.094195)

Midpoint:
+5 minutes

Extreme:
0.000000 0.000000 0.000000 ( 0.001570)

JRuby

Base:
0.295000 0.000000 0.295000 ( 0.296000)

Midpoint:
NativeException: java.lang.IllegalArgumentException: Bad number of rounds

Extreme:
NativeException: java.lang.IllegalArgumentException: Missing salt rounds

bcrypt error

I have an application i'm porting to rails 2 (on Windows). I have a 32bit Ruby 2 install. The app uses Sorcery which relies on bcrypt. Bundle install success and shows 3.1.1 installed but I get this error when run rake db:migrate. The file bcrypt_ext.so in the path exists. Makes no sense.

   C:\Work\Personal\myproject\src>rake db:migrate --trace
** Invoke db:migrate (first_time)
** Invoke environment (first_time)
** Execute environment
rake aborted!
126: The specified module could not be found.   - C:/Languages/Ruby200/lib/ruby/gems/2.0.0/gems/bcrypt-ruby-3.1.1-x86-mingw32/lib/bcrypt_ext.so
C:/Languages/Ruby200/lib/ruby/gems/2.0.0/gems/activesupport-3.2.13/lib/active_support/dependencies.rb:251:in `require'
C:/Languages/Ruby200/lib/ruby/gems/2.0.0/gems/activesupport-3.2.13/lib/active_support/dependencies.rb:251:in `block in require'
C:/Languages/Ruby200/lib/ruby/gems/2.0.0/gems/activesupport-3.2.13/lib/active_support/dependencies.rb:234:in `block in load_dependency'
C:/Languages/Ruby200/lib/ruby/gems/2.0.0/gems/activesupport-3.2.13/lib/active_support/dependencies.rb:639:in `new_constants_in'
C:/Languages/Ruby200/lib/ruby/gems/2.0.0/gems/activesupport-3.2.13/lib/active_support/dependencies.rb:234:in `load_dependency'
C:/Languages/Ruby200/lib/ruby/gems/2.0.0/gems/activesupport-3.2.13/lib/active_support/dependencies.rb:251:in `require'
C:/Languages/Ruby200/lib/ruby/gems/2.0.0/gems/bcrypt-ruby-3.1.1-x86-mingw32/lib/bcrypt.rb:12:in `'
C:/Languages/Ruby200/lib/ruby/gems/2.0.0/gems/activesupport-3.2.13/lib/active_support/dependencies.rb:251:in `require'
C:/Languages/Ruby200/lib/ruby/gems/2.0.0/gems/activesupport-3.2.13/lib/active_support/dependencies.rb:251:in `block in require'
C:/Languages/Ruby200/lib/ruby/gems/2.0.0/gems/activesupport-3.2.13/lib/active_support/dependencies.rb:234:in `block in load_dependency'
C:/Languages/Ruby200/lib/ruby/gems/2.0.0/gems/activesupport-3.2.13/lib/active_support/dependencies.rb:639:in `new_constants_in'
C:/Languages/Ruby200/lib/ruby/gems/2.0.0/gems/activesupport-3.2.13/lib/active_support/dependencies.rb:234:in `load_dependency'
C:/Languages/Ruby200/lib/ruby/gems/2.0.0/gems/activesupport-3.2.13/lib/active_support/dependencies.rb:251:in `require'
C:/Languages/Ruby200/lib/ruby/gems/2.0.0/gems/sorcery-0.7.11/lib/sorcery/crypto_providers/bcrypt.rb:1:in `'
C:/Languages/Ruby200/lib/ruby/gems/2.0.0/gems/sorcery-0.7.11/lib/sorcery/model.rb:239:in `initialize'
C:/Languages/Ruby200/lib/ruby/gems/2.0.0/gems/sorcery-0.7.11/lib/sorcery/model.rb:14:in `new'
C:/Languages/Ruby200/lib/ruby/gems/2.0.0/gems/sorcery-0.7.11/lib/sorcery/model.rb:14:in `authenticates_with_sorcery!'
C:/Work/Personal/myproject/src/app/models/user.rb:10:in `'
C:/Work/Personal/myproject/src/app/models/user.rb:4:in `'
C:/Languages/Ruby200/lib/ruby/gems/2.0.0/gems/activesupport-3.2.13/lib/active_support/dependencies.rb:469:in `load'
C:/Languages/Ruby200/lib/ruby/gems/2.0.0/gems/activesupport-3.2.13/lib/active_support/dependencies.rb:469:in `block in load_file'
C:/Languages/Ruby200/lib/ruby/gems/2.0.0/gems/activesupport-3.2.13/lib/active_support/dependencies.rb:639:in `new_constants_in'
C:/Languages/Ruby200/lib/ruby/gems/2.0.0/gems/activesupport-3.2.13/lib/active_support/dependencies.rb:468:in `load_file'
C:/Languages/Ruby200/lib/ruby/gems/2.0.0/gems/activesupport-3.2.13/lib/active_support/dependencies.rb:353:in `require_or_load'
C:/Languages/Ruby200/lib/ruby/gems/2.0.0/gems/activesupport-3.2.13/lib/active_support/dependencies.rb:502:in `load_missing_constant'
C:/Languages/Ruby200/lib/ruby/gems/2.0.0/gems/activesupport-3.2.13/lib/active_support/dependencies.rb:192:in `block in const_missing'
C:/Languages/Ruby200/lib/ruby/gems/2.0.0/gems/activesupport-3.2.13/lib/active_support/dependencies.rb:190:in `each'
C:/Languages/Ruby200/lib/ruby/gems/2.0.0/gems/activesupport-3.2.13/lib/active_support/dependencies.rb:190:in `const_missing'
C:/Work/Personal/myproject/src/config/initializers/sorcery.rb:37:in `block in '
C:/Languages/Ruby200/lib/ruby/gems/2.0.0/gems/sorcery-0.7.11/lib/sorcery/controller.rb:193:in `call'
C:/Languages/Ruby200/lib/ruby/gems/2.0.0/gems/sorcery-0.7.11/lib/sorcery/controller.rb:193:in `configure!'
C:/Languages/Ruby200/lib/ruby/gems/2.0.0/gems/sorcery-0.7.11/lib/sorcery/controller.rb:15:in `included'
C:/Languages/Ruby200/lib/ruby/gems/2.0.0/gems/sorcery-0.7.11/lib/sorcery/engine.rb:11:in `include'
C:/Languages/Ruby200/lib/ruby/gems/2.0.0/gems/sorcery-0.7.11/lib/sorcery/engine.rb:11:in `block in '
C:/Languages/Ruby200/lib/ruby/gems/2.0.0/gems/railties-3.2.13/lib/rails/initializable.rb:30:in `instance_exec'
C:/Languages/Ruby200/lib/ruby/gems/2.0.0/gems/railties-3.2.13/lib/rails/initializable.rb:30:in `run'
C:/Languages/Ruby200/lib/ruby/gems/2.0.0/gems/railties-3.2.13/lib/rails/initializable.rb:55:in `block in run_initializers'
C:/Languages/Ruby200/lib/ruby/gems/2.0.0/gems/railties-3.2.13/lib/rails/initializable.rb:54:in `each'
C:/Languages/Ruby200/lib/ruby/gems/2.0.0/gems/railties-3.2.13/lib/rails/initializable.rb:54:in `run_initializers'
C:/Languages/Ruby200/lib/ruby/gems/2.0.0/gems/railties-3.2.13/lib/rails/application.rb:136:in `initialize!'
C:/Languages/Ruby200/lib/ruby/gems/2.0.0/gems/railties-3.2.13/lib/rails/railtie/configurable.rb:30:in `method_missing'
C:/Work/Personal/myproject/src/config/environment.rb:5:in `'
C:/Languages/Ruby200/lib/ruby/gems/2.0.0/gems/activesupport-3.2.13/lib/active_support/dependencies.rb:251:in `require'
C:/Languages/Ruby200/lib/ruby/gems/2.0.0/gems/activesupport-3.2.13/lib/active_support/dependencies.rb:251:in `block in require'
C:/Languages/Ruby200/lib/ruby/gems/2.0.0/gems/activesupport-3.2.13/lib/active_support/dependencies.rb:236:in `load_dependency'
C:/Languages/Ruby200/lib/ruby/gems/2.0.0/gems/activesupport-3.2.13/lib/active_support/dependencies.rb:251:in `require'
C:/Languages/Ruby200/lib/ruby/gems/2.0.0/gems/railties-3.2.13/lib/rails/application.rb:103:in `require_environment!'
C:/Languages/Ruby200/lib/ruby/gems/2.0.0/gems/railties-3.2.13/lib/rails/application.rb:297:in `block (2 levels) in initialize_tasks'
C:/Languages/Ruby200/lib/ruby/gems/2.0.0/gems/rake-10.1.0/lib/rake/task.rb:236:in `call'
C:/Languages/Ruby200/lib/ruby/gems/2.0.0/gems/rake-10.1.0/lib/rake/task.rb:236:in `block in execute'
C:/Languages/Ruby200/lib/ruby/gems/2.0.0/gems/rake-10.1.0/lib/rake/task.rb:231:in `each'
C:/Languages/Ruby200/lib/ruby/gems/2.0.0/gems/rake-10.1.0/lib/rake/task.rb:231:in `execute'
C:/Languages/Ruby200/lib/ruby/gems/2.0.0/gems/rake-10.1.0/lib/rake/task.rb:175:in `block in invoke_with_call_chain'
C:/Languages/Ruby200/lib/ruby/2.0.0/monitor.rb:211:in `mon_synchronize'
C:/Languages/Ruby200/lib/ruby/gems/2.0.0/gems/rake-10.1.0/lib/rake/task.rb:168:in `invoke_with_call_chain'
C:/Languages/Ruby200/lib/ruby/gems/2.0.0/gems/rake-10.1.0/lib/rake/task.rb:197:in `block in invoke_prerequisites'
C:/Languages/Ruby200/lib/ruby/gems/2.0.0/gems/rake-10.1.0/lib/rake/task.rb:195:in `each'
C:/Languages/Ruby200/lib/ruby/gems/2.0.0/gems/rake-10.1.0/lib/rake/task.rb:195:in `invoke_prerequisites'
C:/Languages/Ruby200/lib/ruby/gems/2.0.0/gems/rake-10.1.0/lib/rake/task.rb:174:in `block in invoke_with_call_chain'
C:/Languages/Ruby200/lib/ruby/2.0.0/monitor.rb:211:in `mon_synchronize'
C:/Languages/Ruby200/lib/ruby/gems/2.0.0/gems/rake-10.1.0/lib/rake/task.rb:168:in `invoke_with_call_chain'
C:/Languages/Ruby200/lib/ruby/gems/2.0.0/gems/rake-10.1.0/lib/rake/task.rb:161:in `invoke'
C:/Languages/Ruby200/lib/ruby/gems/2.0.0/gems/rake-10.1.0/lib/rake/application.rb:149:in `invoke_task'
C:/Languages/Ruby200/lib/ruby/gems/2.0.0/gems/rake-10.1.0/lib/rake/application.rb:106:in `block (2 levels) in top_level'
C:/Languages/Ruby200/lib/ruby/gems/2.0.0/gems/rake-10.1.0/lib/rake/application.rb:106:in `each'
C:/Languages/Ruby200/lib/ruby/gems/2.0.0/gems/rake-10.1.0/lib/rake/application.rb:106:in `block in top_level'
C:/Languages/Ruby200/lib/ruby/gems/2.0.0/gems/rake-10.1.0/lib/rake/application.rb:115:in `run_with_threads'
C:/Languages/Ruby200/lib/ruby/gems/2.0.0/gems/rake-10.1.0/lib/rake/application.rb:100:in `top_level'
C:/Languages/Ruby200/lib/ruby/gems/2.0.0/gems/rake-10.1.0/lib/rake/application.rb:78:in `block in run'
C:/Languages/Ruby200/lib/ruby/gems/2.0.0/gems/rake-10.1.0/lib/rake/application.rb:165:in `standard_exception_handling'
C:/Languages/Ruby200/lib/ruby/gems/2.0.0/gems/rake-10.1.0/lib/rake/application.rb:75:in `run'
C:/Languages/Ruby200/lib/ruby/gems/2.0.0/gems/rake-10.1.0/bin/rake:33:in `'
C:/Languages/Ruby200/bin/rake:23:in `load'
C:/Languages/Ruby200/bin/rake:23:in `'
Tasks: TOP => db:migrate => environment

C:\Work\Personal\myproject\src>bundle install
Resolving dependencies...
Using rake (10.1.0)
Using i18n (0.6.1)
Using multi_json (1.7.7)
Using activesupport (3.2.13)
Using builder (3.0.4)
Using activemodel (3.2.13)
Using erubis (2.7.0)
Using journey (1.0.4)
Using rack (1.4.5)
Using rack-cache (1.2)
Using rack-test (0.6.2)
Using hike (1.2.3)
Using tilt (1.4.1)
Using sprockets (2.2.2)
Using actionpack (3.2.13)
Using mime-types (1.23)
Using polyglot (0.3.3)
Using treetop (1.4.14)
Using mail (2.5.4)
Using actionmailer (3.2.13)
Using arel (3.0.2)
Using tzinfo (0.3.37)
Using activerecord (3.2.13)
Using activeresource (3.2.13)
Using bundler (1.3.5)
Using rack-ssl (1.3.3)
Using json (1.8.0)
Using rdoc (3.12.2)
Using thor (0.18.1)
Using railties (3.2.13)
Using rails (3.2.13)
Using actionmailer-with-request (0.4.0)
Using bcrypt-ruby (3.1.1)
Using closure-compiler (1.1.10)
Using coffee-script-source (1.6.3)
Using execjs (1.4.0)
Using coffee-script (2.2.0)
Using coffee-rails (3.2.2)
Using multipart-post (1.2.0)
Using faraday (0.8.7)
Using microsite (0.0.1) from source at vendor/engines/microsite
Using mysql2 (0.3.13)
Using oauth (0.4.7)
Using oauth2 (0.5.2)
Using sass (3.2.9)
Using sass-rails (3.2.6)
Using sorcery (0.7.11)
Using tlsmail (0.0.1)
Using uglifier (2.1.2)
Using uuidtools (2.1.4)
Your bundle is complete!
Use `bundle show [gemname]` to see where a bundled gem is installed.

C:\Work\Personal\myproject\src>rake db:migrate
rake aborted!
126: The specified module could not be found.   - C:/Languages/Ruby200/lib/ruby/gems/2.0.0/gems/bcrypt-ruby-3.1.1-x86-mingw32/lib/bcrypt_ext.so
C:/Work/Personal/myproject/src/app/models/user.rb:10:in `'
C:/Work/Personal/myproject/src/app/models/user.rb:4:in `'
C:/Work/Personal/myproject/src/config/initializers/sorcery.rb:37:in `block in '
C:/Work/Personal/myproject/src/config/environment.rb:5:in `'
Tasks: TOP => db:migrate => environment
(See full trace by running task with --trace)

C:\Work\Personal\myproject\src>rake db:migrate
rake aborted!
126: The specified module could not be found.   - C:/Languages/Ruby200/lib/ruby/gems/2.0.0/gems/bcrypt-ruby-3.1.1-x86-mingw32/lib/bcrypt_ext.so
C:/Work/Personal/myproject/src/app/models/user.rb:10:in `'
C:/Work/Personal/myproject/src/app/models/user.rb:4:in `'
C:/Work/Personal/myproject/src/config/initializers/sorcery.rb:37:in `block in '
C:/Work/Personal/myproject/src/config/environment.rb:5:in `'
Tasks: TOP => db:migrate => environment
(See full trace by running task with --trace)

C:\Work\Personal\myproject\src>`

Unable to install version 2.1.4 on Rails 3.0.10 Mac OS10.6.8

I'm using a Refinery CMS app that contains bcrypt-ruby-2.1.4. I pulled the db down from Heroku this morning. Attempt to start server said I didn't have bcrypt, so I bundle install, resulting in:

Installing bcrypt-ruby (2.1.4) with native extensions /Users/techteach/.rvm/rubies/ruby-1.9.2-p290/lib/ruby/site_ruby/1.9.1/rubygems/installer.rb:551:in rescue in block in build_extensions': ERROR: Failed to build gem native extension. (Gem::Installer::ExtensionBuildError) /Users/techteach/.rvm/rubies/ruby-1.9.2-p290/bin/ruby extconf.rb creating Makefile make Makefile:148: *** target pattern contains no%'. Stop.

Gem files will remain installed in /Users/techteach/Dropbox/code/ctkschool/git:/github.com/newrelic/rpm.git/ruby/1.9.1/gems/bcrypt-ruby-2.1.4 for inspection.
Results logged to /Users/techteach/Dropbox/code/ctkschool/git:/github.com/newrelic/rpm.git/ruby/1.9.1/gems/bcrypt-ruby-2.1.4/ext/mri/gem_make.out
from /Users/techteach/.rvm/rubies/ruby-1.9.2-p290/lib/ruby/site_ruby/1.9.1/rubygems/installer.rb:529:in block in build_extensions' from /Users/techteach/.rvm/rubies/ruby-1.9.2-p290/lib/ruby/site_ruby/1.9.1/rubygems/installer.rb:504:ineach'
from /Users/techteach/.rvm/rubies/ruby-1.9.2-p290/lib/ruby/site_ruby/1.9.1/rubygems/installer.rb:504:in build_extensions' from /Users/techteach/.rvm/rubies/ruby-1.9.2-p290/lib/ruby/site_ruby/1.9.1/rubygems/installer.rb:180:ininstall'
from /Users/techteach/.rvm/gems/ruby-1.9.2-p290/gems/bundler-1.0.18/lib/bundler/source.rb:101:in block in install' from /Users/techteach/.rvm/gems/ruby-1.9.2-p290/gems/bundler-1.0.18/lib/bundler/rubygems_integration.rb:78:inpreserve_paths'
from /Users/techteach/.rvm/gems/ruby-1.9.2-p290/gems/bundler-1.0.18/lib/bundler/source.rb:91:in install' from /Users/techteach/.rvm/gems/ruby-1.9.2-p290/gems/bundler-1.0.18/lib/bundler/installer.rb:58:inblock (2 levels) in run'
from /Users/techteach/.rvm/gems/ruby-1.9.2-p290/gems/bundler-1.0.18/lib/bundler/rubygems_integration.rb:93:in with_build_args' from /Users/techteach/.rvm/gems/ruby-1.9.2-p290/gems/bundler-1.0.18/lib/bundler/installer.rb:57:inblock in run'
from /Users/techteach/.rvm/gems/ruby-1.9.2-p290/gems/bundler-1.0.18/lib/bundler/installer.rb:49:in run' from /Users/techteach/.rvm/gems/ruby-1.9.2-p290/gems/bundler-1.0.18/lib/bundler/installer.rb:8:ininstall'
from /Users/techteach/.rvm/gems/ruby-1.9.2-p290/gems/bundler-1.0.18/lib/bundler/cli.rb:220:in install' from /Users/techteach/.rvm/gems/ruby-1.9.2-p290/gems/bundler-1.0.18/lib/bundler/vendor/thor/task.rb:22:inrun'
from /Users/techteach/.rvm/gems/ruby-1.9.2-p290/gems/bundler-1.0.18/lib/bundler/vendor/thor/invocation.rb:118:in invoke_task' from /Users/techteach/.rvm/gems/ruby-1.9.2-p290/gems/bundler-1.0.18/lib/bundler/vendor/thor.rb:263:indispatch'
from /Users/techteach/.rvm/gems/ruby-1.9.2-p290/gems/bundler-1.0.18/lib/bundler/vendor/thor/base.rb:386:in start' from /Users/techteach/.rvm/gems/ruby-1.9.2-p290/gems/bundler-1.0.18/bin/bundle:13:in<top (required)>'
from /Users/techteach/.rvm/gems/ruby-1.9.2-p290/bin/bundle:19:in load' from /Users/techteach/.rvm/gems/ruby-1.9.2-p290/bin/bundle:19:in

I tried gem install bcrypt-ruby -v 2.1.4, which runs fine, but then bundle install returns the same error above. bcrypt-ruby (3 versions of it) also shows up in my gem list.

Cannot install on windows

E:>set PATH=C:\Ruby\bin

E:>gem install bcrypt-ruby
Building native extensions. This could take a while...
ERROR: Error installing bcrypt-ruby:
ERROR: Failed to build gem native extension.

C:/Ruby/bin/ruby.exe extconf.rb
C:/Ruby/bin/ruby.exe: No such file or directory -- extconf.rb (LoadError)

Gem files will remain installed in C:/Ruby/lib/ruby/gems/1.8/gems/bcrypt-ruby-2.1.2 for inspection.
Results logged to C:/Ruby/lib/ruby/gems/1.8/gems/bcrypt-ruby-2.1.2/ext/mri/gem_make.out

E:>

E:>ruby -v
ruby 1.8.7 (2010-08-16 patchlevel 302) [i386-mingw32]

E:>gem -v
1.3.7

Devkit already installed at c:\Ruby

Ruby 1.9.1 segfault

bcrypt-ruby-2.1.2/lib/bcrypt.rb:70: [BUG] Segmentation fault

ruby 1.9.1p243 (2009-07-16 revision 24175) [i386-darwin10.0.0]

Broken Password Auth

On Rails 3.0.10, after user registration, I sign out and attempt to log back in I get an "Invalid E-mail/Password" message. I've reset my password multiple times, but continue to run into this same issue.

Thought this was a problem with bcrypt-ruby 2.1.2
heartcombo/devise#1303

But I'm using 3.0.0

My user model just has a password_hash field, no password_salt, like in the example

Uncaught exception: cannot load such file -- bcrypt

I'm not able to run bcrypt-ruby on a Windows 64bit machine (with 64bit Ruby 2.0.0) via the Gemfile. This issue has occurred for a while, at least since Rails 3.2.12+. It is continuing to happen Rails 4.0.2. I have tried adding the following to my Gemfile:

 gem 'bcrypt-ruby', '~> 3.1.2''

and

 gem 'bcrypt-ruby', '~> 3.1.2', :require => 'bcrypt'

When I run bundle install It doesn't appear that bcrypt-ruby is being used. There is no output saying 'Using bcrypt-ruby ...` from bundler.

I've tried installing the gem from the command line via:

 gem install bcrypt-ruby --platform=ruby --no-ri --no-rdoc

and

 gem install bcrypt-ruby

The gem will compile in both cases, however, when I delete Gemfile.lock and run bundle install again, bundler will still not pick up on the gem. If I try and start the rails server in this state, I receive the following error:

 Uncaught exception: cannot load such file -- bcrypt

The only solution that seems to work to add the following to the Gemfile

 gem 'bcrypt-ruby', git: 'https://github.com/codahale/bcrypt-ruby.git', :require => 'bcrypt'

Update crypt_blowfish implementation from v1.1 to v1.2

Version 1.2 was released in July of 2011.

It looks like we're using version 1.1.

http://www.openwall.com/crypt/ for the new source.

Version 1.2 also supports the $2y$ prefix, which fixes #39

BCrypt.java is not a real JRuby extension

Hello,

I'm working on cleanup the extension loading code bcrypt-ruby currently have. For that, been thinking on usage of rake-compiler:

http://github.com/luislavena/rake-compiler

Which provides an standarized way to compile and package JRuby and C extensions with your gems.

It also provides a target to cross compilation, allowing Linux/OSX developers compile gems for Windows users.

Doing this work found that the BCrypt code and it's access are not a JRuby extension but instead it plays with $CLASSPATH (while the C version plays with the $LOAD_PATH) and conditionally invoke one or the other based on permanent evaluation of RUBY_PLATFORM.

I believe that wrapping the code as a correct Java gem will simplify that code.

I can send a pull request if you want with my changes to extconf, bcrypt.rb and the Rakefile to use rake-compiler.

Thank you.

Doesn't Compile with VC++ 2010

bcrypt-ruby doesn't compile with VC++ 2010. The main issue is that VC already has a header called "bcrypt.h"

So, any chance bycrpt.h and bycrpt.c could be renamed to bcyrpt_ruby.h and bcyrpt_ruby.c respectively? If that could be done, then there are a couple minor code changes that make VC work (happy to provide patches).

Thanks - Charlie

Recommended cost factor for stateless authentication?

Hi there,

The readme says "The default cost factor used by bcrypt-ruby is 10, which is fine for session-based authentication. If you are using a stateless authentication architecture (e.g., HTTP Basic Auth), you will want to lower the cost factor to reduce your server load and keep your request times down."

I was wondering if there was cost factor you'd recommend? If the default for session-based is 10, I'm curious what you'd pick for stateless. Thanks!

bcrypt segfault with REE

I'm having an issue with bcrypt-ruby throwing a segfault under REE (under RVM)

/.rvm/gems/ree-1.8.7-2010.02/gems/bcrypt-ruby-2.1.4/lib/bcrypt_ext.bundle: [BUG] Segmentation fault
ruby 1.8.7 (2010-04-19 patchlevel 253) [i686-darwin10.6.0], MBARI 0x6770, Ruby Enterprise Edition 2010.02

doesn't throw a fault under just straight 1.8.7. Anyone else having this issue?

uninitialized constant User::BCrypt

Hi,

When I organize the "bcrypt-ruby" gem inside a group, in the Gemfile, occurs an error when I try to create/authenticate a user. But, when the gem isn't organized inside a group the error doesn't occur.

Thanks in advance! =D

Erik

salt accessor returns a BCrypt::Password

BCrypt::Password.new(BCrypt::Password.create("test")).salt.class #=> BCrypt::Password

This causes problems if you try to do password.salt == "some salt string", since it calls BCrypt::Pasword#==.

It should return a plain String.

Possible security flaw in your Solar Designer bcrypt implementation

Could you please answer me the following question:

http://security.stackexchange.com/questions/12132/could-the-bcrypt-ruby-binding-be-vulnerable

Windows Fat-Binary Gem with support for 1.8 and 2.0

Version 3.1.1 removed support for Ruby 1.8 from the Windows binary version of the gem because of issues with rake-compiler.

Once tjschuck/rake-compiler-dev-box#2 lands, I will build a new version that supports 1.8, 1.9, and 2.0.

instance hash method returns a string

hash should return an integer since it's use to determine uniqueness for things like Hash and Set

NoMethodError undefined method "authenticate" in production with Rails 4

bcrypt with has_secure_password on my user model calling User.authenticate before setting a session to log a user in which works fine in development but when I set my server to production I get a NoMethodError undefined method "authenticate" on my sessions controller (which is where I'm making the authenticate call).

Any suggestions as to why I only see this error in production? The production DB is using mysql and is setup correctly, the migration has been run with RAILS_ENV=production rake db:migrate and the bcrypt gem has been bundled on the production server as well. I'm at a loss. Any help would be much aprpeciate

Tag v3.1.1

Would you tag v3.1.1, please?

Problem with bcrypt ruby gem and spree.

Hey
I am getting this error when it comes to installing spree....(I have checked with the spree issues board and been advised to check with you)

C:\Sites\mystore>spree install --auto-accept
gemfile spree
gemfile spree_gateway
gemfile spree_auth_devise
run bundle install from "."
Polyglot: found more than one candidate for bcrypt: C:/RailsInstaller/Ruby1.9.3
lib/ruby/gems/1.9.1/gems/bcrypt-ruby-3.1.0-x86-mingw32/lib/bcrypt, C:/RailsInst
ller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/bcrypt-ruby-3.1.0-x86-mingw32/lib/bcryp
.
Polyglot: found more than one candidate for C:/Sites/mystore/config/environment
rb: C:/Sites/mystore/config/environment.rb, C:/Sites/mystore/config/environment
rb.
C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/polyglot-0.3.3/lib/polyglo
.rb:63:in require': cannot load such file -- 1.9/bcrypt_ext (LoadError) from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/polyglot-0.3. /lib/polyglot.rb:63:inrequire'
from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/activesupport
3.2.13/lib/active_support/dependencies.rb:251:in block in require' from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/activesupport 3.2.13/lib/active_support/dependencies.rb:234:inblock in load_dependency'
from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/activesupport
3.2.13/lib/active_support/dependencies.rb:639:in new_constants_in' from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/activesupport 3.2.13/lib/active_support/dependencies.rb:234:inload_dependency'
from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/activesupport
3.2.13/lib/active_support/dependencies.rb:251:in require' from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/bcrypt-ruby-3 1.0-x86-mingw32/lib/bcrypt_ext.rb:2:in<top (required)>'
from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/polyglot-0.3.
/lib/polyglot.rb:63:in require' from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/polyglot-0.3. /lib/polyglot.rb:63:inrequire'
from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/activesupport
3.2.13/lib/active_support/dependencies.rb:251:in block in require' from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/activesupport 3.2.13/lib/active_support/dependencies.rb:234:inblock in load_dependency'
from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/activesupport
3.2.13/lib/active_support/dependencies.rb:639:in new_constants_in' from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/activesupport 3.2.13/lib/active_support/dependencies.rb:234:inload_dependency'
from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/activesupport
3.2.13/lib/active_support/dependencies.rb:251:in require' from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/bcrypt-ruby-3 1.0-x86-mingw32/lib/bcrypt.rb:12:in<top (required)>'
from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/polyglot-0.3.
/lib/polyglot.rb:63:in require' from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/polyglot-0.3. /lib/polyglot.rb:63:inrequire'
from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/activesupport
3.2.13/lib/active_support/dependencies.rb:251:in block in require' from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/activesupport 3.2.13/lib/active_support/dependencies.rb:234:inblock in load_dependency'
from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/activesupport
3.2.13/lib/active_support/dependencies.rb:639:in new_constants_in' from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/activesupport 3.2.13/lib/active_support/dependencies.rb:234:inload_dependency'
from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/activesupport
3.2.13/lib/active_support/dependencies.rb:251:in require' from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/devise-2.2.4/ ib/devise/models/database_authenticatable.rb:2:in<top (required)>'
from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/devise-2.2.4/
ib/devise/models.rb:97:in const_get' from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/devise-2.2.4/ ib/devise/models.rb:97:inblock (2 levels) in devise'
from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/devise-2.2.4/
ib/devise/models.rb:92:in each' from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/devise-2.2.4/ ib/devise/models.rb:92:inblock in devise'
from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/devise-2.2.4/
ib/devise/models.rb:123:in devise_modules_hook!' from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/devise-2.2.4/ ib/devise/models.rb:90:indevise'
from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/bundler/gems/spree
auth_devise-5826881e4743/app/models/spree/user.rb:5:in <class:User>' from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/bundler/gems/spree auth_devise-5826881e4743/app/models/spree/user.rb:2:inmodule:Spree'
from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/bundler/gems/spree
auth_devise-5826881e4743/app/models/spree/user.rb:1:in <top (required)>' from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/activesupport 3.2.13/lib/active_support/dependencies.rb:469:inload'
from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/activesupport
3.2.13/lib/active_support/dependencies.rb:469:in block in load_file' from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/activesupport 3.2.13/lib/active_support/dependencies.rb:639:innew_constants_in'
from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/activesupport
3.2.13/lib/active_support/dependencies.rb:468:in load_file' from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/activesupport 3.2.13/lib/active_support/dependencies.rb:353:inrequire_or_load'
from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/activesupport
3.2.13/lib/active_support/dependencies.rb:502:in load_missing_constant' from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/activesupport 3.2.13/lib/active_support/dependencies.rb:192:inblock in const_missing'
from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/activesupport
3.2.13/lib/active_support/dependencies.rb:190:in each' from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/activesupport 3.2.13/lib/active_support/dependencies.rb:190:inconst_missing'
from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/activesupport
3.2.13/lib/active_support/inflector/methods.rb:230:in block in constantize' from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/activesupport 3.2.13/lib/active_support/inflector/methods.rb:229:ineach'
from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/activesupport
3.2.13/lib/active_support/inflector/methods.rb:229:in constantize' from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/activesupport 3.2.13/lib/active_support/core_ext/string/inflections.rb:54:inconstantize'
from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/spree_core-2.
.3/lib/spree/core.rb:19:in user_class' from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/spree_core-2. .3/app/models/spree/order.rb:39:inclass:Order'
from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/spree_core-2.
.3/app/models/spree/order.rb:5:in <module:Spree>' from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/spree_core-2. .3/app/models/spree/order.rb:4:in<top (required)>'
from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/activesupport
3.2.13/lib/active_support/dependencies.rb:469:in load' from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/activesupport 3.2.13/lib/active_support/dependencies.rb:469:inblock in load_file'
from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/activesupport
3.2.13/lib/active_support/dependencies.rb:639:in new_constants_in' from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/activesupport 3.2.13/lib/active_support/dependencies.rb:468:inload_file'
from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/activesupport
3.2.13/lib/active_support/dependencies.rb:353:in require_or_load' from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/activesupport 3.2.13/lib/active_support/dependencies.rb:502:inload_missing_constant'
from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/activesupport
3.2.13/lib/active_support/dependencies.rb:192:in block in const_missing' from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/activesupport 3.2.13/lib/active_support/dependencies.rb:190:ineach'
from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/activesupport
3.2.13/lib/active_support/dependencies.rb:190:in const_missing' from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/spree_api-2.0 3/app/models/spree/order_decorator.rb:1:in<top (required)>'
from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/activesupport
3.2.13/lib/active_support/dependencies.rb:245:in load' from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/activesupport 3.2.13/lib/active_support/dependencies.rb:245:inblock in load'
from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/activesupport
3.2.13/lib/active_support/dependencies.rb:236:in load_dependency' from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/activesupport 3.2.13/lib/active_support/dependencies.rb:245:inload'
from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/spree_api-2.0
3/lib/spree/api/engine.rb:23:in block in activate' from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/spree_api-2.0 3/lib/spree/api/engine.rb:22:inglob'
from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/spree_api-2.0
3/lib/spree/api/engine.rb:22:in activate' from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/activesupport 3.2.13/lib/active_support/callbacks.rb:429:in_run__558019735__prepare__603508
43__callbacks'
from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/activesupport
3.2.13/lib/active_support/callbacks.rb:405:in __run_callback' from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/activesupport 3.2.13/lib/active_support/callbacks.rb:385:in_run_prepare_callbacks'
from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/activesupport
3.2.13/lib/active_support/callbacks.rb:81:in run_callbacks' from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/actionpack-3. .13/lib/action_dispatch/middleware/reloader.rb:74:inprepare!'
from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/actionpack-3.
.13/lib/action_dispatch/middleware/reloader.rb:48:in prepare!' from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/railties-3.2. 3/lib/rails/application/finisher.rb:47:inblock in module:Finisher'
from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/railties-3.2.
3/lib/rails/initializable.rb:30:in instance_exec' from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/railties-3.2. 3/lib/rails/initializable.rb:30:inrun'
from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/railties-3.2.
3/lib/rails/initializable.rb:55:in block in run_initializers' from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/railties-3.2. 3/lib/rails/initializable.rb:54:ineach'
from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/railties-3.2.
3/lib/rails/initializable.rb:54:in run_initializers' from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/railties-3.2. 3/lib/rails/application.rb:136:ininitialize!'
from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/railties-3.2.
3/lib/rails/railtie/configurable.rb:30:in method_missing' from C:/Sites/mystore/config/environment.rb:5:in<top (required)>'
from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/polyglot-0.3.
/lib/polyglot.rb:63:in require' from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/polyglot-0.3. /lib/polyglot.rb:63:inrequire'
from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/activesupport
3.2.13/lib/active_support/dependencies.rb:251:in block in require' from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/activesupport 3.2.13/lib/active_support/dependencies.rb:236:inload_dependency'
from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/activesupport
3.2.13/lib/active_support/dependencies.rb:251:in require' from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/railties-3.2. 3/lib/rails/application.rb:103:inrequire_environment!'
from C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/railties-3.2.
3/lib/rails/commands.rb:25:in <top (required)>' from script/rails:6:inrequire'
from script/rails:6:in `

Can't update to Rails 3.1 on Debian

Hello,
when I try to update to rails 3.1 on debian, i get this error message:

    Installing bcrypt-ruby (3.0.1) with native extensions
    Gem::Installer::ExtensionBuildError: ERROR: Failed to build gem native extension.

            /usr/bin/ruby1.8 extconf.rb
    extconf.rb:36:in `require': no such file to load -- mkmf (LoadError)
            from extconf.rb:36


    Gem files will remain installed in /usr/lib/ruby/gems/1.8/gems/bcrypt-ruby-3.0.1 for inspection.
    Results logged to /usr/lib/ruby/gems/1.8/gems/bcrypt-ruby-3.0.1/ext/mri/gem_make.out
    An error occured while installing bcrypt-ruby (3.0.1), and Bundler cannot continue.
    Make sure that `gem install bcrypt-ruby -v '3.0.1'` succeeds before bundling.

!
Can you help me, please?
Thanks!
Jacopo

NameError (uninitialized constant BCrypt::Password)

Upgrading form bcrypt (3.1.2) -> bcrypt (3.1.3)

bcrypt (3.1.3)
bcrypt-ruby (3.1.4)
bcrypt (>= 3.1.3)

NameError (uninitialized constant BCrypt::Password):
devise (3.1.2) lib/devise/models/database_authenticatable.rb:43:in `valid_password?'

Timing vulnerability?

I've been working on implementing bcrypt-ruby and have been reading about timing attacks, particularly your article here:

http://codahale.com/a-lesson-in-timing-attacks/

I notice that Devise (popular gem that uses bcrypt-ruby) implements a constant-time comparison algorithm in conjunction with bcrypt-ruby:

https://github.com/plataformatec/devise/blob/master/lib/devise.rb#L424

I also notice that bcrypt-ruby's BCrypt class inherits from Ruby's String class, and the BCrypt#== method simply calls up to super, thus comparing strings using Ruby's String#== method, which I assume is not a constant-time comparison algorithm.

Should BCrypt handle this constant time issue in it's comparison method?

bcrypt may append invalid paths to $LOAD_PATH

I've been using some of the "alternative" ruby package mangers that copy files out of the original directory similar to setup.rb's approach. It doesn't seem to be causing a huge deal, but bcrypt-ruby tries to reference ext/ which is outside lib/. It should be possible to just require 'bcrypt_ext' without modifying the load path. Even with rubygems, ext/bcrypt_ext.* will be copied into lib/bcrypt_ext.* when you "gem install bcrypt-ruby". (I'm unfamiliar with jruby's extension conventions though)

A low impact change would be to check if the ext/ directory exists before adding it to the load path. The better fix imo is to have "rake compile" copy the file into lib and remove the load path manipulation. This mimics package installer behavior more closely. Its your lib, your call.

diff --git a/lib/bcrypt.rb b/lib/bcrypt.rb
index 7776829..3490e14 100644
--- a/lib/bcrypt.rb
+++ b/lib/bcrypt.rb
@@ -4,7 +4,8 @@ if RUBY_PLATFORM == "java"
   require 'java'
   $CLASSPATH << File.expand_path(File.join(File.dirname(__FILE__), "..", "ext", "jruby"))
 else
-  $LOAD_PATH.unshift(File.expand_path(File.join(File.dirname(__FILE__), "..", "ext", "mri")))
+  extdir = File.expand_path(File.join(File.dirname(__FILE__), "..", "ext", "mri"))
+  $LOAD_PATH.unshift(extdir) if File.directory?(extdir) && !$LOAD_PATH.include?(extdir)
   require "bcrypt_ext"
   require "openssl"
 end

Unable to use non-random salt.

It'd be nice to have a top-level way to generate a hash using a given salt, so that we can arrive at the same outcome.

I'm happy to put this in place, is there a particular approach you'd like me to use?

Is anyone looking at these issues? Need help?

Need help handling the issues?

Failing to build bcrypt-ruby when installing from a Rails application

When I try to install the gem from inside a Rails application (more precisely, a Rails engine) it fails with the following error message:

/Users/balint/.rbenv/versions/1.9.3-p392/bin/ruby extconf.rb 
creating Makefile

make
compiling bcrypt_ext.c
compiling crypt.c
compiling crypt_blowfish.c
compiling crypt_gensalt.c
compiling wrapper.c
In file included from wrapper.c:27:
/Users/balint/.rbenv/versions/1.9.3-p392/include/ruby-1.9.1/ruby/backward/util.h:2:2: warning: #warning use "ruby/util.h" instead of bare "util.h"
linking shared-object bcrypt_ext.bundle

make install
/usr/bin/install -c -m 0755 bcrypt_ext.bundle /Users/balint/code/rails/wlb
make: *** No rule to make target `-/ruby/1.9.1/gems/bcrypt-ruby-3.0.1/lib/bcrypt_ext.bundle', needed by `install-so'.  Stop.

However, I succeeded in installing the gem explicitly with gem install bcrypt-ruby -v '3.0.1'.

The ruby version I used was 1.9.3-p392.

gcc -v outputs the following:

Using built-in specs.
Target: i686-apple-darwin11
Configured with: /private/var/tmp/llvmgcc42/llvmgcc42-2336.11~28/src/configure -- disable-checking --enable-werror -- prefix=/Applications/Xcode.app/Contents/Developer/usr/llvm-gcc-4.2 --mandir=/share/man --enable-languages=c,objc,c++,obj-c++ --program-prefix=llvm- --program-transform-name=/^[cg][^.-]*$/s/$/-4.2/ --with-slibdir=/usr/lib --build=i686-apple-darwin11 --enable-llvm=/private/var/tmp/llvmgcc42/llvmgcc42-2336.11~28/dst-llvmCore/Developer/usr/local --program-prefix=i686-apple-darwin11- --host=x86_64-apple-darwin11 --target=i686-apple-darwin11 --with-gxx-include-dir=/usr/include/c++/4.2.1
Thread model: posix
gcc version 4.2.1 (Based on Apple Inc. build 5658) (LLVM build 2336.11.00)

AFAIK I don't have any bundle option or env. var that could cause the compilation process to be modified.

Could you tell me what the difference between the installation processes could be and how should the problem be dealt with?

Thank you.

header files not found

On a OSX Lion I get:

Installing bcrypt-ruby (3.0.1) with native extensions
Gem::Installer::ExtensionBuildError: ERROR: Failed to build gem native extension.

    /Users/riccardotacconi/.rvm/rubies/ruby-1.8.7-p352/bin/ruby extconf.rb

creating Makefile

make
/usr/bin/gcc-4.2 -I. -I/Users/riccardotacconi/.rvm/rubies/ruby-1.8.7-p352/lib/ruby/1.8/x86_64-darwin10.8.0 -I/Users/riccardotacconi/.rvm/rubies/ruby-1.8.7-p352/lib/ruby/1.8/x86_64-darwin10.8.0 -I. -D_XOPEN_SOURCE -D_DARWIN_C_SOURCE -fno-common -isysroot /Developer/SDKs/MacOSX10.6.sdk -arch x86_64 -fno-common -pipe -fno-common -c bcrypt_ext.c
In file included from bcrypt_ext.c:1:
/Users/riccardotacconi/.rvm/rubies/ruby-1.8.7-p352/lib/ruby/1.8/x86_64-darwin10.8.0/ruby.h:40:21: error: stdlib.h: No such file or directory
/Users/riccardotacconi/.rvm/rubies/ruby-1.8.7-p352/lib/ruby/1.8/x86_64-darwin10.8.0/ruby.h:44:21: error: string.h: No such file or directory
/Users/riccardotacconi/.rvm/rubies/ruby-1.8.7-p352/lib/ruby/1.8/x86_64-darwin10.8.0/ruby.h:54:21: error: stdint.h: No such file or directory
/Users/riccardotacconi/.rvm/rubies/ruby-1.8.7-p352/lib/ruby/1.8/x86_64-darwin10.8.0/ruby.h:58:19: error: stdio.h: No such file or directory
/Users/riccardotacconi/.rvm/rubies/ruby-1.8.7-p352/lib/ruby/1.8/x86_64-darwin10.8.0/ruby.h:75:20: error: alloca.h: No such file or directory
In file included from /usr/llvm-gcc-4.2/bin/../lib/gcc/i686-apple-darwin11/4.2.1/include/limits.h:15,
from /Users/riccardotacconi/.rvm/rubies/ruby-1.8.7-p352/lib/ruby/1.8/x86_64-darwin10.8.0/ruby.h:95,
from bcrypt_ext.c:1:
/Applications/Xcode.app/Contents/Developer/usr/llvm-gcc-4.2/lib/gcc/i686-apple-darwin11/4.2.1/include/limits.h:15:25: error: no include path in which to search for limits.h
In file included from /Users/riccardotacconi/.rvm/rubies/ruby-1.8.7-p352/lib/ruby/1.8/x86_64-darwin10.8.0/ruby.h:755,
from bcrypt_ext.c:1:
/Users/riccardotacconi/.rvm/rubies/ruby-1.8.7-p352/lib/ruby/1.8/x86_64-darwin10.8.0/missing.h:16:24: error: sys/time.h: No such file or directory
/Users/riccardotacconi/.rvm/rubies/ruby-1.8.7-p352/lib/ruby/1.8/x86_64-darwin10.8.0/missing.h:25:25: error: sys/types.h: No such file or directory
In file included from /Users/riccardotacconi/.rvm/rubies/ruby-1.8.7-p352/lib/ruby/1.8/x86_64-darwin10.8.0/ruby.h:756,
from bcrypt_ext.c:1:
/Users/riccardotacconi/.rvm/rubies/ruby-1.8.7-p352/lib/ruby/1.8/x86_64-darwin10.8.0/intern.h:233: error: expected declaration specifiers or ‘...’ before ‘fd_set’
/Users/riccardotacconi/.rvm/rubies/ruby-1.8.7-p352/lib/ruby/1.8/x86_64-darwin10.8.0/intern.h:233: error: expected declaration specifiers or ‘...’ before ‘fd_set’
/Users/riccardotacconi/.rvm/rubies/ruby-1.8.7-p352/lib/ruby/1.8/x86_64-darwin10.8.0/intern.h:233: error: expected declaration specifiers or ‘...’ before ‘fd_set’
/Users/riccardotacconi/.rvm/rubies/ruby-1.8.7-p352/lib/ruby/1.8/x86_64-darwin10.8.0/intern.h:233: warning: ‘struct timeval’ declared inside parameter list
/Users/riccardotacconi/.rvm/rubies/ruby-1.8.7-p352/lib/ruby/1.8/x86_64-darwin10.8.0/intern.h:233: warning: its scope is only this definition or declaration, which is probably not what you want
/Users/riccardotacconi/.rvm/rubies/ruby-1.8.7-p352/lib/ruby/1.8/x86_64-darwin10.8.0/intern.h:234: warning: ‘struct timeval’ declared inside parameter list
/Users/riccardotacconi/.rvm/rubies/ruby-1.8.7-p352/lib/ruby/1.8/x86_64-darwin10.8.0/intern.h:480: warning: parameter names (without types) in function declaration
make: *** [bcrypt_ext.o] Error 1

Gem files will remain installed in /Users/riccardotacconi/.rvm/gems/ruby-1.8.7-p352/gems/bcrypt-ruby-3.0.1 for inspection.
Results logged to /Users/riccardotacconi/.rvm/gems/ruby-1.8.7-p352/gems/bcrypt-ruby-3.0.1/ext/mri/gem_make.out
An error occured while installing bcrypt-ruby (3.0.1), and Bundler cannot continue.
Make sure that gem install bcrypt-ruby -v '3.0.1' succeeds before bundling.

It is happening after the update from Snow leopard to Lion.

3.1.2: ow-crypt.h missing a sensible default for const

The __CONST definition in ow-crypt.h is missing a usable default

#undef __CONST
#if defined __GNUC__
#define __CONST __const
#elif defined _MSC_VER
#define __CONST const
#else
#endif

This patch sets __CONST as const, i.e. the same as the MSC_VER value above.

--- ext/mri/ow-crypt.h.orig     Mon Sep  2 20:51:57 2013
+++ ext/mri/ow-crypt.h  Mon Sep  2 20:52:14 2013
@@ -12,6 +12,7 @@
 #elif defined _MSC_VER
 #define __CONST const
 #else
+#define __CONST const
 #endif

 #ifndef __SKIP_GNU

This script will auto-add it and repack the gem

cd /var/tmp
rm -rf bcrypt
mkdir -p bcrypt/data
cd bcrypt
tar -xf /ul/src/ruby/orig/bcrypt-ruby-3.1.2.gem
cd data
gunzip -c ../data.tar.gz | tar -xf -
patch -p0 < /usr/local/src/ruby/bcrypt-ruby-3.1.2.gem.diff
tar -cf - `find .gitignore .rspec .travis.yml * -type f -print` | gzip -9c > ../data.tar.gz
cd /var/tmp/bcrypt
tar -cf /usr/local/src/ruby/bcrypt-ruby-3.1.2.fixed.gem data.tar.gz metadata.gz

generation of MD5 passwords (starting with $1$) possible?

is generation of MD5 passwords (starting with $1$) possible?
i want to use rails4 active model has_secure_password
but i am limited to md5 hashed passwords

3.0.0 won't load under jruby/windows

"jruby -S bundle install" using rails 3.1.0.rc8

Installing bcrypt-ruby (3.0.0) with native extensions Gem::Installer::ExtensionB
uildError: ERROR: Failed to build gem native extension.

        c:/jruby-1.6.4/bin/jruby.exe extconf.rb

make
'make' is not recognized as an internal or external command,
operable program or batch file.


Gem files will remain installed in c:/jruby-1.6.4/lib/ruby/gems/1.8/gems/bcrypt-
ruby-3.0.0-java for inspection.
Results logged to c:/jruby-1.6.4/lib/ruby/gems/1.8/gems/bcrypt-ruby-3.0.0-java/e
xt/mri/gem_make.out

  build_extensions at c:/jruby-1.6.4/lib/ruby/site_ruby/1.8/rubygems/installer.r
b:529
              each at org/jruby/RubyArray.java:1603
  build_extensions at c:/jruby-1.6.4/lib/ruby/site_ruby/1.8/rubygems/installer.r
b:482
           install at c:/jruby-1.6.4/lib/ruby/site_ruby/1.8/rubygems/installer.r
b:156
           install at c:/jruby-1.6.4/lib/ruby/gems/1.8/gems/bundler-1.0.18/lib/b
undler/source.rb:101
    preserve_paths at c:/jruby-1.6.4/lib/ruby/gems/1.8/gems/bundler-1.0.18/lib/b
undler/rubygems_integration.rb:78
           install at c:/jruby-1.6.4/lib/ruby/gems/1.8/gems/bundler-1.0.18/lib/b
undler/source.rb:91
               run at c:/jruby-1.6.4/lib/ruby/gems/1.8/gems/bundler-1.0.18/lib/b
undler/installer.rb:58
   with_build_args at c:/jruby-1.6.4/lib/ruby/gems/1.8/gems/bundler-1.0.18/lib/b
undler/rubygems_integration.rb:93
               run at c:/jruby-1.6.4/lib/ruby/gems/1.8/gems/bundler-1.0.18/lib/b
undler/installer.rb:57
              each at org/jruby/RubyArray.java:1603
          __send__ at org/jruby/RubyBasicObject.java:1685
              each at c:/jruby-1.6.4/lib/ruby/1.9/forwardable.rb:182
               run at c:/jruby-1.6.4/lib/ruby/gems/1.8/gems/bundler-1.0.18/lib/b
undler/installer.rb:49
           install at c:/jruby-1.6.4/lib/ruby/gems/1.8/gems/bundler-1.0.18/lib/b
undler/installer.rb:8
           install at c:/jruby-1.6.4/lib/ruby/gems/1.8/gems/bundler-1.0.18/lib/b
undler/cli.rb:220
          __send__ at org/jruby/RubyBasicObject.java:1685
              send at org/jruby/RubyKernel.java:2113
               run at c:/jruby-1.6.4/lib/ruby/gems/1.8/gems/bundler-1.0.18/lib/b
undler/vendor/thor/task.rb:21
       invoke_task at c:/jruby-1.6.4/lib/ruby/gems/1.8/gems/bundler-1.0.18/lib/b
undler/vendor/thor/invocation.rb:118
          dispatch at c:/jruby-1.6.4/lib/ruby/gems/1.8/gems/bundler-1.0.18/lib/b
undler/vendor/thor.rb:263
             start at c:/jruby-1.6.4/lib/ruby/gems/1.8/gems/bundler-1.0.18/lib/b
undler/vendor/thor/base.rb:386
            (root) at c:/jruby-1.6.4/lib/ruby/gems/1.8/gems/bundler-1.0.18/bin/b
undle:13
              load at org/jruby/RubyKernel.java:1073
            (root) at c:/jruby-1.6.4/bin/bundle:19

For a quick fix I downloaded the source, built the gems, deleted the non-java .gem, and then ran "jruby -S gem install bcrypt-ruby" from the /pkg directory. (This might be more of a bundler/rubygems problem?)

Using jruby 1.6.4 (ruby-1.9.2-p136)

JRuby install fails w/o make installed

Look at nokogiri to figure out how they handle mixed C/Java extensions.