enigma-rb

https://github.com/y-dashev/enigma

Enigma is a lightweight Ruby gem designed to verify passwords hashed using Firebase's custom scrypt-based algorithm, making it ideal for seamless integrations and migrations involving Firebase authentication systems. It provides a secure, efficient way to compare a user-provided password against a stored hash without exposing sensitive details, ensuring constant-time comparisons to mitigate timing attacks. Key features include: - Full compatibility with Firebase Authentication's password hashing logic, combining scrypt with AES-256-CTR encryption for signing. - Configurable parameters for scrypt (rounds, memory cost), signer keys, and salt separators. - Secure practices using OpenSSL's fixed-length comparisons. - Support for custom logging, with easy integration into Rails or other frameworks. - Minimal dependencies, relying on the 'scrypt' gem alongside Ruby's standard library. A common use case is migrating users from Firebase to systems like Devise in Ruby on Rails. During migration, extract the user's base64-encoded salt and stored hash from Firebase, then use Enigma to verify the input password. If it matches, set the raw password in Devise to generate a new hash, avoiding forced resets and ensuring a smooth transition. Whether for custom auth systems, password audits, or hybrid setups, Enigma simplifies secure verification while prioritizing ease of use.