technion / ruby-argon2 / 6034920343

coverage: 99.342% (-0.7%) from 100.0%
6034920343

push

github

web-flow 
Make default costs RFC 9106's second preferred option; introduce named cost profiles (#62)

* Make default costs RFC 9106's second preferred option

RFC 9106 is the formal standard for describing Argon2. It also gives the official recommended cost parameters that should be sufficient for all environments. This commit introduces the concept of named profiles for a set of cost parameters/values and changes the default costs to `:rfc_9106_low_memory`, the second preferred option in the RFC. The RFC's first choice can be quite computationally expensive and, mirroring Python's `argon2-cffi`, we leave that as an opt-in choice.

A developer can use one of the named profiles, or continue to hand specify costs:

```ruby
hasher = Argon2::Password.new(profile: :rfc_9106_high_memory)
hasher.create("password")
    => "$argon2id$v=19$m=2097152,t=1,p=4$LvHa74Yax7uCWPN7P6/oQQ$V1dMt4dfuYSmLpwUTpKUzg+RrXjWzWHlE6NLowBzsAg"

hasher = Argon2::Password.new(t_cost: 2, m_cost: 16, p_cost: 1)
hasher.create("password")
    => "$argon2i$v=19$m=65536,t=2,p=1$jL7lLEAjDN+pY2cG1N8D2g$iwj1ueduCvm6B9YVjBSnAHu+6mKzqGmDW745ALR38Uo"
```

The list of named cost profiles are:

* `:rfc_9106_high_memory`: the first recommended option but is expensive
* `:rfc_9106_low_memory`: the second recommended option (default)
* `:pre_rfc_9106`: the previous default costs for `ruby-argon2` <= v2.2.0, before offering RFC 9106 named profiles
* `:unsafe_cheapest`: Strictly for testing, the minimum costs allowed by Argon2 for the fastest hashing speed

A developer can see the list of profiles with `Argon2::Profiles.to_a` and the actual cost values with `.to_h` or `[name]`. As guidance changes over time (OWASP has its own recommended values), the list of profiles may expand or even change their values.

* Satisfy rubocop

39 of 41 new or added lines in 3 files covered. (95.12%)

302 of 304 relevant lines covered (99.34%)

178.24 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

84.62
/test/profiles_test.rb
1 
# frozen_string_literal: true
2 










3



require 'test_helper'




6





4













5



class ProfilesTest < Minitest::Test




6






6



  def test_hash_access




6






7



    assert_equal Argon2::Profiles::RFC_9106_LOW_MEMORY, Argon2::Profiles[:RFC_9106_LOW_MEMORY]




6





8



  end










9













10



  def test_to_a




6





11



    # rubocop:disable Naming/VariableNumber











12



    assert_equal %i[




6





13



      pre_rfc_9106










14



      rfc_9106_high_memory










15



      rfc_9106_low_memory










16



      unsafe_cheapest










17



    ], Argon2::Profiles.to_a.sort










18



    # rubocop:enable Naming/VariableNumber










19



  end










20













21



  def test_to_h




6






22



    hash = Argon2::Profiles.to_h




6






23



    assert_equal Argon2::Profiles::RFC_9106_HIGH_MEMORY, hash[:rfc_9106_high_memory]




6





24



  end










25













26



  def test_structure




6






27



    Argon2::Profiles.to_h.values do |profile|




6






NEW


28



      assert_equal %i[t_cost m_cost p_cost], profile.keys




×








NEW


29



      assert(profile.values.all? { |v| v.instance_of?(Integer) })




×







30



    end










31



  end










32



end
























    

  • 

    •