README.md in argon2-2.0.3 vs README.md in argon2-2.1.0
- old
+ new
@@ -15,11 +15,10 @@
* Security and maintainability take top priority. This can have an impact on platform support. A PR that contains platform specific code paths is unlikely to be accepted.
* Tested platforms are MRI Ruby 2.2, 2.3 and JRuby 9000. No assertions are made on other platforms.
* Errors from the C interface are raised as Exceptions. There are a lot of exception classes, but they tend to relate to things like very broken input, and code bugs. Calls to this library should generally not require a rescue.
* Test suites should aim for 100% code coverage.
* Default work values should not be considered constants. I will increase them from time to time.
-* Not exposing the threads parameter is a design choice. I believe there is significant risk, and minimal gain in using a value other than '1'. Four threads on a four core box completely ties up the entire server to process one user logon. If you want more security, increase m_cost.
* Many Rubocop errors have been disabled, but any commit should avoid new alerts or demonstrate their necessity.
## Usage
Require this in your Gemfile like a typical Ruby gem:
@@ -29,11 +28,11 @@
```
To generate a hash using specific time and memory cost:
```ruby
-hasher = Argon2::Password.new(t_cost: 2, m_cost: 16)
+hasher = Argon2::Password.new(t_cost: 2, m_cost: 16, p_cost: 1)
hasher.create("password")
=> "$argon2i$v=19$m=65536,t=2,p=1$jL7lLEAjDN+pY2cG1N8D2g$iwj1ueduCvm6B9YVjBSnAHu+6mKzqGmDW745ALR38Uo"
```
To utilise default costs:
@@ -41,11 +40,10 @@
```ruby
hasher = Argon2::Password.new
hasher.create("password")
```
-If you follow this pattern, it is important to create a new `Argon2::Password` every time you generate a hash, in order to ensure a unique salt. See [issue 23](https://github.com/technion/ruby-argon2/issues/23) for more information.
Alternatively, use this shortcut:
```ruby
Argon2::Password.create("password")
=> "$argon2i$v=19$m=65536,t=2,p=1$61qkSyYNbUgf3kZH3GtHRw$4CQff9AZ0lWd7uF24RKMzqEiGpzhte1Hp8SO7X8bAew"
@@ -70,19 +68,30 @@
KEY = "A key"
argon = Argon2::Password.new(t_cost: 2, m_cost: 16, secret: KEY)
myhash = argon.create("A password")
Argon2::Password.verify_password("A password", myhash, KEY)
```
+## Ruby 3 Types
+I am now shipping signatures in sig/. The following command sets up a testing interface.
+```sh
+RBS_TEST_TARGET="Argon2::*" bundle exec ruby -r rbs/test/setup bin/console
+```
+You should also be able to pass Steep checks:
+```sh
+steep check
+```
+These tools will need to be installed manually at this time and will be added to Gemfiles after much further testing.
+
## Version 2.0 - Argon 2id
Version 2.x upwards will now default to the Argon2id hash format. This is consistent with current recommendations regarding Argon2 usage. It remains capable of verifying existing hashes.
## Important notes regarding version 1.0 upgrade
Version 1.0.0 included a major version bump over 0.1.4 due to several breaking changes. The first of these was an API change, which you can read the background on [here](https://github.com/technion/ruby-argon2/issues/9).
The second of these is that the reference Argon2 implementation introduced an algorithm change, which produces a hash which is not backwards compatible. This is documented on [this PR on the C library](https://github.com/P-H-C/phc-winner-argon2/pull/115). This was a regrettable requirement to address a security concern in the algorithm itself. The two versions of the Argon2 algorithm are numbered 1.0 and 1.3 respectively.
-Shortly after this, version 1.0.0 of this gem was released with this breaking change, supporting only Argon2 v1.3. Further time later, the official encoding format was updated, with a spec that included the version number, and the library introduced backward compatibility. This should remove the likelihood of such breaking changes in future. Version 1.1.0 will silently introduce the current version number in hashes, in order to avoid a further compatibility break.
+Shortly after this, version 1.0.0 of this gem was released with this breaking change, supporting only Argon2 v1.3. Further time later, the official encoding format was updated, with a spec that included the version number, and the library introduced backward compatibility. This should remove the likelihood of such breaking changes in future.
## Platform Issues
The default installation workflow has caused issues with a number of gems under the latest OSX. There is some excellent documentation on the issue and some workarounds in the [Jekyll Documentation](http://jekyllrb.com/docs/troubleshooting/#jekyll-amp-mac-os-x-1011). With this in mind, OSX is a fully supported OS.
@@ -121,20 +130,22 @@
Any form of contribution is appreciated, however, please review [CONTRIBUTING.md](CONTRIBUTING.md).
## Building locally/Tests
-To build the gem locally, you will need to checkout the submodule and build it manually:
+To build the gem locally, you will need to run the setup script:
```shell
-git submodule update --init --recursive
-bundle install
-cd ext/argon2_wrap/
-make
-cd ../..
+./bin/setup
```
-The test harness includes a property based test. To more strenuously perform this test, you can tune the iterations parameter:
+You can test that the Argon2 C library was properly imported by running the C test suite:
+
+```shell
+./bin/test
+```
+
+The ruby wrapper test suite includes a property based test. To more strenuously perform this test, you can tune the iterations parameter:
```shell
TEST_CHECKS=10000 bundle exec rake test
```