BT

JRuby Roundup: Ruby 1.8.7 Support, Android Support, Bcrypt-ruby

by Werner Schuster on Aug 13, 2009 |

After deciding to hold off on Ruby 1.8.7 support in JRuby a year ago, the JRuby team has now added it in trunk:

Ruby 1.8.7 support has landed for JRuby 1.4! Thanks to @olabini, Marcin Mielzynski, and JRuby community members!

JRuby 1.4 is the next release of JRuby, due later this year, and a look at jruby.properties shows it will report itself to be Ruby version "1.8.7" by default.

JRuby's Android support is improving as well. Charles Nutter published a JRuby-based irb as an Android application, the source is available as ruboto-irb on GitHub.
In related news, the Android Scripting Environment now has JRuby scripting support.

A lot of Ruby libraries use native extensions to connect Ruby to native libraries - making them unavailable on JRuby. One such library is bcrypt-ruby. However, thanks to contributions by Phusion, bcrypt-ruby's next version will work on JRuby as well as Ruby 1.9.x. The JRuby support consists of a Java port of the bcrypt algorithm, the Ruby 1.9 support includes changes to how the GIL is handled and released during long running calculations.

So what is bcrypt-ruby? It implements a hash algorithm that runs much slower than others such as SHA-1. The idea is to use the algorithm to hash passwords; if a database with password hash values is stolen, it can be used to figure out the passwords. While hashing algorithms are one-way functions, it's still possible to hash a lot of possible passwords and compare the hash values with the entries in the database. A fast hash algorithm is quite helpful with this kind of brute force attack - and this where bcrypt comes in. The slow running algorithm makes it much harder to use brute force to attack hashed passwords.
The bcrypt-ruby library also ensures that the password hash is salted.

Hello stranger!

You need to Register an InfoQ account or to post comments. But there's so much more behind being registered.

Get the most out of the InfoQ experience.

Tell us what you think

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread

1.8.7 was DOA by Daniel Berger

What a waste of time. 1.8.7 was a colossal cluster fuck of a half-breed release. Either switch to 1.9.x or stick with 1.8.6. Running 1.8.7 in production is lunacy. Why is EY supporting 1.8.7?

Re: 1.8.7 was DOA by Charles Nutter

Dan: We basically didn't *want* to move to 1.8.7, but the volume of bug reports about missing 1.8.7 features was steadily growing. The linux distros all ship 1.8.7 by default now. Snow Leopard will ship 1.8.7. 1.8.7 is the officially-blessed "current" 1.8 release. It was just creating work for us to stay at 1.8.6.

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread

2 Discuss

Educational Content

General Feedback
Bugs
Advertising
Editorial
InfoQ.com and all content copyright © 2006-2013 C4Media Inc. InfoQ.com hosted at Contegix, the best ISP we've ever worked with.
Privacy policy
BT