JRuby Roundup: Ruby 1.8.7 Support, Android Support, Bcrypt-ruby

| by Werner Schuster Follow 7 Followers on Aug 13, 2009. Estimated reading time: 1 minute |

After deciding to hold off on Ruby 1.8.7 support in JRuby a year ago, the JRuby team has now added it in trunk:

Ruby 1.8.7 support has landed for JRuby 1.4! Thanks to @olabini, Marcin Mielzynski, and JRuby community members!

JRuby 1.4 is the next release of JRuby, due later this year, and a look at shows it will report itself to be Ruby version "1.8.7" by default.

JRuby's Android support is improving as well. Charles Nutter published a JRuby-based irb as an Android application, the source is available as ruboto-irb on GitHub.
In related news, the Android Scripting Environment now has JRuby scripting support.

A lot of Ruby libraries use native extensions to connect Ruby to native libraries - making them unavailable on JRuby. One such library is bcrypt-ruby. However, thanks to contributions by Phusion, bcrypt-ruby's next version will work on JRuby as well as Ruby 1.9.x. The JRuby support consists of a Java port of the bcrypt algorithm, the Ruby 1.9 support includes changes to how the GIL is handled and released during long running calculations.

So what is bcrypt-ruby? It implements a hash algorithm that runs much slower than others such as SHA-1. The idea is to use the algorithm to hash passwords; if a database with password hash values is stolen, it can be used to figure out the passwords. While hashing algorithms are one-way functions, it's still possible to hash a lot of possible passwords and compare the hash values with the entries in the database. A fast hash algorithm is quite helpful with this kind of brute force attack - and this where bcrypt comes in. The slow running algorithm makes it much harder to use brute force to attack hashed passwords.
The bcrypt-ruby library also ensures that the password hash is salted.

Rate this Article

Adoption Stage

Hello stranger!

You need to Register an InfoQ account or or login to post comments. But there's so much more behind being registered.

Get the most out of the InfoQ experience.

Tell us what you think

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread

1.8.7 was DOA by Daniel Berger

What a waste of time. 1.8.7 was a colossal cluster fuck of a half-breed release. Either switch to 1.9.x or stick with 1.8.6. Running 1.8.7 in production is lunacy. Why is EY supporting 1.8.7?

Re: 1.8.7 was DOA by Charles Nutter

Dan: We basically didn't *want* to move to 1.8.7, but the volume of bug reports about missing 1.8.7 features was steadily growing. The linux distros all ship 1.8.7 by default now. Snow Leopard will ship 1.8.7. 1.8.7 is the officially-blessed "current" 1.8 release. It was just creating work for us to stay at 1.8.6.

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread

2 Discuss

Login to InfoQ to interact with what matters most to you.

Recover your password...


Follow your favorite topics and editors

Quick overview of most important highlights in the industry and on the site.


More signal, less noise

Build your own feed by choosing topics you want to read about and editors you want to hear from.


Stay up-to-date

Set up your notifications and don't miss out on content that matters to you