Module: Crypt3

Defined in:
lib/crypt3.rb

Overview

Crypt3 is a pure ruby version of crypt(3), a salted one-way hashing of a password.

The Ruby version was written by Poul-Henning Kamp.

Adapted by guillaume__dot__pierronnet_at__laposte__dot_net based on

which is based on FreeBSD src/lib/libcrypt/crypt.c 1.2

_Original License_

“THE BEER-WARE LICENSE” (Revision 42): <[email protected]> wrote this file. As long as you retain this notice you can do whatever you want with this stuff. If we meet some day, and you think this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp

Copyright © 2002 Poul-Henning Kamp

Defined Under Namespace

Modules: ImpOrd2String

Constant Summary collapse

VERSION =

Current version of the library.

'1.1.5'
ITOA64 =

Base 64 character set.

"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

Class Method Summary collapse

Class Method Details

.check(password, hash, algo = :md5) ⇒ Boolean

Check the validity of a password against an hashed string.

Parameters:

  • password

    The pharse that was encrypted. [String]

  • hash

    The cryptogrphic hash. [String]

  • algo (defaults to: :md5)

    The algorithm used. [Symbol]

Returns:

  • (Boolean)

    Returns true if it checks out.



152
153
154
155
156
# File 'lib/crypt3.rb', line 152

def self.check(password, hash, algo = :md5)
  magic, salt = hash.split('$')[1,2]
  magic = '$' + magic + '$'
  self.crypt(password, algo, salt, magic) == hash
end

.crypt(password, algo = :md5, salt = nil, magic = '$1$') ⇒ Object

A pure ruby version of crypt(3), a salted one-way hashing of a password.

Supported hashing algorithms are: md5, sha1, sha256, sha384, sha512, rmd160.

Only the md5 hashing algorithm is standard and compatible with crypt(3), the others are not standard.

Automatically generates an 8-byte salt if none given.

Output a length hashed and salted string with size of ‘magic.size + salt.size + 23`.

Parameters:

  • password

    The pharse that was encrypted. [String]

  • algo (defaults to: :md5)

    The algorithm used. [Symbol]

  • salt (defaults to: nil)

    Cryptographic salt, random if ‘nil`.

  • Retuns

    the cryptogrphic hash. [String]



50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
# File 'lib/crypt3.rb', line 50

def self.crypt(password, algo=:md5, salt=nil, magic='$1$')

  salt ||= generate_salt(8)

  case algo
    when :md5
      require "digest/md5"
    when :sha1
      require "digest/sha1"
    when :rmd160
      require "digest/rmd160"
    when :sha256, :sha384, :sha512
      require "digest/sha2"
  else
    raise(ArgumentError, "unknown algorithm")
  end
  digest_class = Digest.const_get(algo.to_s.upcase)

  # The password first, since that is what is most unknown. Then our magic string. Then the raw salt.
  m = digest_class.new
  m.update(password + magic + salt)

  # Then just as many characters of the MD5(pw,salt,pw)
  mixin = digest_class.new.update(password + salt + password).digest
  password.length.times do |i|
    m.update(mixin[i % 16].chr)
  end

  # Then something really weird...
  # Also really broken, as far as I can tell.  -m
  i = password.length
  while i != 0
    if (i & 1) != 0
      m.update("\x00")
    else
      m.update(password[0].chr)
    end
    i >>= 1
  end

  final = m.digest

  # and now, just to make sure things don't run too fast
  1000.times do |i|
    m2 = digest_class.new

    if (i & 1) != 0
      m2.update(password)
    else
      m2.update(final)
    end

    if (i % 3) != 0
      m2.update(salt)
    end
    if (i % 7) != 0
      m2.update(password)
    end

    if (i & 1) != 0
      m2.update(final)
    else
      m2.update(password)
    end

    final = m2.digest
  end

  # This is the bit that uses to64() in the original code.

  rearranged = ""

  if defined?("has_ord?".ord)
    final.extend ImpOrd2String
  end
  [ [0, 6, 12], [1, 7, 13], [2, 8, 14], [3, 9, 15], [4, 10, 5] ].each do |a, b, c|

    v = final[a] << 16 | final[b] << 8 | final[c]

    4.times do
      rearranged += ITOA64[v & 0x3f].chr
      v >>= 6
    end
  end

  v = final[11]

  2.times do
    rearranged += ITOA64[v & 0x3f].chr
    v >>= 6
  end

  magic + salt + '$' + rearranged
end

.generate_salt(size) ⇒ String

Generate a random salt of the given ‘size`.

Parameters:

  • size

    The size of the salt. [Integer]

Returns:

  • (String)

    Returns random salt.



163
164
165
# File 'lib/crypt3.rb', line 163

def self.generate_salt(size)
  (1..size).collect { ITOA64[rand(ITOA64.size)].chr }.join("")
end