add fast xor, we need really fast xor to keep our password function honest.

Gemfile

@@ -17,6 +17,7 @@ gem 'clockwork', require: false
 gem 'em-redis'
 gem 'eventmachine'
 gem 'fast_xs'
+gem 'fast_xor'
 gem 'fastimage'
 gem 'fog', require: false
 gem 'has_ip_address'

Gemfile.lock

@@ -169,6 +169,9 @@ GEM
     fakeweb (1.3.0)
     faraday (0.8.5)
       multipart-post (~> 1.1)
+    fast_xor (1.1.1)
+      rake
+      rake-compiler
     fast_xs (0.8.0)
     fastimage (1.2.13)
     ffi (1.3.1)
@@ -344,6 +347,8 @@ GEM
       rdoc (~> 3.4)
       thor (>= 0.14.6, < 2.0)
     rake (10.0.3)
+    rake-compiler (0.8.3)
+      rake
     rb-fsevent (0.9.3)
     rb-inotify (0.8.8)
       ffi (>= 0.5.0)
@@ -477,6 +482,7 @@ DEPENDENCIES
   eventmachine
   fabrication
   fakeweb (~> 1.3.0)
+  fast_xor
   fast_xs
   fastimage
   fog

lib/pbkdf2.rb

@@ -9,6 +9,7 @@
 # 3. It does not monkey patch string
 
 require 'openssl'
+require 'xor'
 
 class Pbkdf2
   
@@ -20,7 +21,7 @@ class Pbkdf2
 
     2.upto(iterations) do 
      u = prf(h, password, u)
-     ret = xor(ret, u)
+     ret.xor!(u) 
     end
 
     ret.bytes.map{|b| ("0" + b.to_s(16))[-2..-1]}.join("")
@@ -28,6 +29,7 @@ class Pbkdf2
 
   protected 
 
+  # fallback xor in case we need it for jruby ... way slower
   def self.xor(x,y)
     x.bytes.zip(y.bytes).map{|x,y| x ^ y}.pack('c*')
   end