SCrypt Support

Gemfile

@@ -10,6 +10,7 @@ gem "rdoc"
 group :test do
   gem "omniauth-facebook"
   gem "omniauth-openid", "~> 1.0.1"
+  gem "scrypt", "~> 1.0.3"
   gem "webrat", "0.7.2", :require => false
   gem "mocha", :require => false
 

Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    devise (2.0.4)
+    devise (2.1.0.rc)
       bcrypt-ruby (~> 3.0)
       orm_adapter (~> 0.0.3)
       railties (~> 3.1)
@@ -124,6 +124,7 @@ GEM
     ruby-debug-base (0.10.4)
       linecache (>= 0.3)
     ruby-openid (2.1.8)
+    scrypt (1.0.3)
     sprockets (2.1.2)
       hike (~> 1.2)
       rack (~> 1.0)
@@ -163,5 +164,6 @@ DEPENDENCIES
   rails (~> 3.2.0)
   rdoc
   ruby-debug (>= 0.10.3)
+  scrypt (~> 1.0.3)
   sqlite3-ruby
   webrat (= 0.7.2)

lib/devise.rb

@@ -25,6 +25,7 @@ module Encryptors
     autoload :AuthlogicSha512, 'devise/encryptors/authlogic_sha512'
     autoload :BCrypt, 'devise/encryptors/bcrypt'
     autoload :ClearanceSha1, 'devise/encryptors/clearance_sha1'
+    autoload :SCrypt, 'devise/encryptors/scrypt'
     autoload :RestfulAuthenticationSha1, 'devise/encryptors/restful_authentication_sha1'
     autoload :Sha512, 'devise/encryptors/sha512'
     autoload :Sha1, 'devise/encryptors/sha1'

lib/devise/encryptors/scrypt.rb

@@ -0,0 +1,21 @@
+begin
+  require "scrypt"
+rescue LoadError
+  $stderr.puts "You must install the scrypt gem in order to use SCrypt encryption."
+  exit(1)
+end
+
+module Devise
+  module Encryptors
+    class SCrypt < Base
+      def self.digest(password, stretches, salt, pepper)
+        ::SCrypt::Engine.hash_secret("#{password}#{pepper}", salt)
+      end
+
+      def self.compare(encrypted_password, password, stretches, salt, pepper)
+        salt = ::SCrypt::Password.new(encrypted_password).salt
+        Devise.secure_compare(encrypted_password, digest(password, stretches, salt, pepper))
+      end
+    end
+  end
+end

test/encryptors_test.rb

@@ -1,6 +1,13 @@
 require 'test_helper'
 
 class Encryptors < ActiveSupport::TestCase
+  test 'should match a password created by scrypt' do
+    secret    = '400$8$5$edf9769b2f75b26abfb539d649a5bbe2279b51da$1eb4af5f494573214e57f0521bf7c4d5c80fb793'
+    pepper    = 'd90e854a76a208eeb7122c11b073d74597afdf78b0bf8eef2dce59652dcda61537963ec319bd1dcf30d6db3ac65c7efbbd4dd82d9b7a4cde2839ced708e03b37'
+    salt      = '400$8$5$14a79bbc91b70a1fd5b5c02e75c14bd8e7f84d57'
+    encryptor = Devise::Encryptors::SCrypt.digest('123mudar', nil, salt, pepper)
+  end
+
   test 'should match a password created by authlogic' do
     authlogic = "b623c3bc9c775b0eb8edb218a382453396fec4146422853e66ecc4b6bc32d7162ee42074dcb5f180a770dc38b5df15812f09bbf497a4a1b95fe5e7d2b8eb7eb4"
     encryptor = Devise::Encryptors::AuthlogicSha512.digest('123mudar', 20, 'usZK_z_EAaF61Gwkw-ed', '')