JRuby Roundup: Ruby 1.8.7 Support, Android Support, Bcrypt-ruby
After deciding to hold off on Ruby 1.8.7 support in JRuby a year ago, the JRuby team has now added it in trunk:
Ruby 1.8.7 support has landed for JRuby 1.4! Thanks to @olabini, Marcin Mielzynski, and JRuby community members!
JRuby 1.4 is the next release of JRuby, due later this year, and a look at jruby.properties shows it will report itself to be Ruby version "1.8.7" by default.
JRuby's Android support is improving as well. Charles Nutter published a JRuby-based
irb as an Android application, the source is available as ruboto-irb on GitHub.
In related news, the Android Scripting Environment now has JRuby scripting support.
A lot of Ruby libraries use native extensions to connect Ruby to native libraries - making them unavailable on JRuby. One such library is bcrypt-ruby. However, thanks to contributions by Phusion, bcrypt-ruby's next version will work on JRuby as well as Ruby 1.9.x. The JRuby support consists of a Java port of the bcrypt algorithm, the Ruby 1.9 support includes changes to how the GIL is handled and released during long running calculations.
So what is bcrypt-ruby? It implements a hash algorithm that runs much slower than others such as SHA-1. The idea is to use the algorithm to hash passwords; if a database with password hash values is stolen, it can be used to figure out the passwords. While hashing algorithms are one-way functions, it's still possible to hash a lot of possible passwords and compare the hash values with the entries in the database. A fast hash algorithm is quite helpful with this kind of brute force attack - and this where bcrypt comes in. The slow running algorithm makes it much harder to use brute force to attack hashed passwords.
The bcrypt-ruby library also ensures that the password hash is salted.
1.8.7 was DOA
Re: 1.8.7 was DOA
Anatole Tresch Mar 03, 2015