Facilitating the Spread of Knowledge and Innovation in Professional Software Development

Write for InfoQ


Choose your language

InfoQ Homepage News JRuby Roundup: Ruby 1.8.7 Support, Android Support, Bcrypt-ruby

JRuby Roundup: Ruby 1.8.7 Support, Android Support, Bcrypt-ruby

This item in japanese


After deciding to hold off on Ruby 1.8.7 support in JRuby a year ago, the JRuby team has now added it in trunk:

Ruby 1.8.7 support has landed for JRuby 1.4! Thanks to @olabini, Marcin Mielzynski, and JRuby community members!

JRuby 1.4 is the next release of JRuby, due later this year, and a look at shows it will report itself to be Ruby version "1.8.7" by default.

JRuby's Android support is improving as well. Charles Nutter published a JRuby-based irb as an Android application, the source is available as ruboto-irb on GitHub.
In related news, the Android Scripting Environment now has JRuby scripting support.

A lot of Ruby libraries use native extensions to connect Ruby to native libraries - making them unavailable on JRuby. One such library is bcrypt-ruby. However, thanks to contributions by Phusion, bcrypt-ruby's next version will work on JRuby as well as Ruby 1.9.x. The JRuby support consists of a Java port of the bcrypt algorithm, the Ruby 1.9 support includes changes to how the GIL is handled and released during long running calculations.

So what is bcrypt-ruby? It implements a hash algorithm that runs much slower than others such as SHA-1. The idea is to use the algorithm to hash passwords; if a database with password hash values is stolen, it can be used to figure out the passwords. While hashing algorithms are one-way functions, it's still possible to hash a lot of possible passwords and compare the hash values with the entries in the database. A fast hash algorithm is quite helpful with this kind of brute force attack - and this where bcrypt comes in. The slow running algorithm makes it much harder to use brute force to attack hashed passwords.
The bcrypt-ruby library also ensures that the password hash is salted.

Rate this Article


Hello stranger!

You need to Register an InfoQ account or or login to post comments. But there's so much more behind being registered.

Get the most out of the InfoQ experience.

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Community comments

  • 1.8.7 was DOA

    by Daniel Berger,

    Your message is awaiting moderation. Thank you for participating in the discussion.

    What a waste of time. 1.8.7 was a colossal cluster fuck of a half-breed release. Either switch to 1.9.x or stick with 1.8.6. Running 1.8.7 in production is lunacy. Why is EY supporting 1.8.7?

  • Re: 1.8.7 was DOA

    by Charles Nutter,

    Your message is awaiting moderation. Thank you for participating in the discussion.

    Dan: We basically didn't *want* to move to 1.8.7, but the volume of bug reports about missing 1.8.7 features was steadily growing. The linux distros all ship 1.8.7 by default now. Snow Leopard will ship 1.8.7. 1.8.7 is the officially-blessed "current" 1.8 release. It was just creating work for us to stay at 1.8.6.

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p