technion / ruby-argon2

A Ruby gem offering bindings for Argon2 password hashing
MIT License

Unable to install latest on master via Bundler #53

Closed karl-finch closed 2 years ago

karl-finch commented 2 years ago

I can build fine if I run bin/setup but if I try to install via bundler I get this error in gem_make.out:

current directory: /home/kfinch/.rvm/gems/ruby-3.0.2/bundler/gems/ruby-argon2-0ef1e33b7d9e/ext/argon2_wrap
/home/kfinch/.rvm/rubies/ruby-3.0.2/bin/ruby -I /home/kfinch/.rvm/rubies/ruby-3.0.2/lib/ruby/3.0.0 -r ./siteconf20211001-193036-cw25ka.rb extconf.rb

current directory: /home/kfinch/.rvm/gems/ruby-3.0.2/bundler/gems/ruby-argon2-0ef1e33b7d9e/ext/argon2_wrap
make DESTDIR\= clean
rm -f tests libargon2_wrap.so

current directory: /home/kfinch/.rvm/gems/ruby-3.0.2/bundler/gems/ruby-argon2-0ef1e33b7d9e/ext/argon2_wrap
make DESTDIR\=
make: *** No rule to make target '../phc-winner-argon2/src/argon2.c', needed by 'libs'.  Stop.

make failed, exit code 2

I'm just trying to get the latest feature that lets me set p_cost. Also wish all options of the argon2 reference command were implemented so I can set the hash length to 64 instead of 32 as the gem has it hardcoded.

technion commented 2 years ago

Unfortunately if you want to install from master, you'll have to run through bin/setup. I don't have a clean way to address that, except to say that I try to make releases any time I become aware of a useful feature in master. To that end, I've just pushed 2.1.0.

irb(main):001:0> require 'argon2'
=> true
irb(main):002:0> Argon2::VERSION
=> "2.1.0"
irb(main):003:0> hasher = Argon2::Password.new(t_cost: 2, m_cost: 16, p_cost: 4)
=> #<Argon2::Password:0x00005639fa7faca8 @insecure_salt=nil, @m_cost=16, @p_cost=4, @secret=nil, @t_cost=2>
irb(main):004:0> hasher.create("password")
=> "$argon2id$v=19$m=65536,t=2,p=4$pnhdF1WSQfLYRIw8qE/Ing$2Gvk6LJPlhinG72aq4mZSThhzOAEXiCHzoRYc3FW0Ek"

Setting the hash length in my view is another of those choices the average user just shouldn't make. I appreciate you may have a particular use case, but in general, for example, I've had no end of complaints about the fact you're not encouraged to set your own salt.
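
To confirm that a stored hash carries the p_cost and the 32-byte output length discussed in this thread, the encoded string can be parsed directly. This is an added example, not part of the original comment or the gem's own code; `parse_argon2_phc` and `needs_rehash?` are hypothetical helper names, and the mapping of m_cost to 2**m_cost KiB is taken from the irb output above (m_cost=16 gives m=65536).

```ruby
# Added example: parse an Argon2 encoded hash and compare it with a cost policy.
# Layout: $<variant>$v=<version>$m=<KiB>,t=<passes>,p=<lanes>$<salt>$<hash>
PHC_RE = %r{\A\$(argon2(?:id|i|d))\$v=(\d+)\$m=(\d+),t=(\d+),p=(\d+)\$([A-Za-z0-9+/]+)\$([A-Za-z0-9+/]+)\z}

# Hash string copied from the irb session above.
SAMPLE = '$argon2id$v=19$m=65536,t=2,p=4$pnhdF1WSQfLYRIw8qE/Ing$2Gvk6LJPlhinG72aq4mZSThhzOAEXiCHzoRYc3FW0Ek'

# The salt and hash fields are base64 without '=' padding; restore it before decoding.
def decode_unpadded_b64(str)
  (str + '=' * (-str.length % 4)).unpack1('m')
end

# Returns the parameters embedded in the encoded hash, plus decoded field sizes.
def parse_argon2_phc(encoded)
  m = PHC_RE.match(encoded)
  raise ArgumentError, 'not an Argon2 encoded hash' unless m

  {
    variant: m[1],
    version: m[2].to_i,
    memory_kib: m[3].to_i,
    t_cost: m[4].to_i,
    p_cost: m[5].to_i,
    salt_bytes: decode_unpadded_b64(m[6]).bytesize,
    hash_bytes: decode_unpadded_b64(m[7]).bytesize
  }
end

# True when the stored parameters differ from the policy passed to
# Argon2::Password.new (m_cost is an exponent: memory = 2**m_cost KiB).
def needs_rehash?(encoded, t_cost:, m_cost:, p_cost:)
  stored = parse_argon2_phc(encoded)
  stored[:t_cost] != t_cost ||
    stored[:memory_kib] != (1 << m_cost) ||
    stored[:p_cost] != p_cost
end

if __FILE__ == $PROGRAM_NAME
  puts parse_argon2_phc(SAMPLE)
  puts "rehash needed for p_cost 4: #{needs_rehash?(SAMPLE, t_cost: 2, m_cost: 16, p_cost: 4)}"
end
```

Running `needs_rehash?` at login time against the current policy identifies hashes created before a cost change such as the new p_cost setting.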

karl-finch commented 2 years ago

Thanks for the 2.1.0 release! I'll go with your default hash length of 32; however, my rationale for using 64 is just to future-proof my work a bit. 64 bytes should be strictly more secure than 32, should it not? A secure minimum of 32 bytes would make sense, but I don't see the argument for limiting the maximum.

Anyway, thank you for your work!