Module: Crypt

Defined in:
lib/more/facets/crypt.rb

Overview

Crypt(3)

A pure ruby version of crypt(3), a salted one-way hashing of a password.

Constant Summary collapse

ITOA64 = 
"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

Class Method Summary collapse

Class Method Details

.check(password, hash, algo = :md5) ⇒ Object

check the validity of a password against an hashed string



159
160
161
162
163
 
# File 'lib/more/facets/crypt.rb', line 159

def self.check(password, hash, algo = :md5)
  magic, salt = hash.split('$')[1,2]
  magic = '$' + magic + '$'
  self.crypt(password, algo, salt, magic) == hash
end

.crypt(password, algo = :md5, salt = nil, magic = '$1$') ⇒ Object

A pure ruby version of crypt(3), a salted one-way hashing of a password.

Supported hashing algorithms are: md5, sha1, sha256, sha384, sha512, rmd160.

Only the md5 hashing algorithm is standard and compatible with crypt(3), the others are not standard.

Automatically generate a 8-bytes salt if nil.

Output a length hashed and salted string with size of magic.size + salt.size + 23.



64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
 
# File 'lib/more/facets/crypt.rb', line 64

def self.crypt(password, algo = :md5, salt = nil, magic='$1$')

  salt ||= generate_salt(8)

  case algo
    when :md5
      require "digest/md5"
    when :sha1
      require "digest/sha1"
    when :rmd160
      require "digest/rmd160"
    when :sha256, :sha384, :sha512
      require "digest/sha2"
  else
    raise(ArgumentError, "unknown algorithm")
  end
  digest_class = Digest.const_get(algo.to_s.upcase)

  # The password first, since that is what is most unknown. Then our magic string. Then the raw salt.
  m = digest_class.new
  m.update(password + magic + salt)

  # Then just as many characters of the MD5(pw,salt,pw)
  mixin = digest_class.new.update(password + salt + password).digest
  password.length.times do |i|
    m.update(mixin[i % 16].chr)
  end

  # Then something really weird...
  # Also really broken, as far as I can tell.  -m
  i = password.length
  while i != 0
    if (i & 1) != 0
      m.update("\x00")
    else
      m.update(password[0].chr)
    end
    i >>= 1
  end

  final = m.digest

  # and now, just to make sure things don't run too fast
  1000.times do |i|
    m2 = digest_class.new

    if (i & 1) != 0
      m2.update(password)
    else
      m2.update(final)
    end

    if (i % 3) != 0
      m2.update(salt)
    end
    if (i % 7) != 0
      m2.update(password)
    end

    if (i & 1) != 0
      m2.update(final)
    else
      m2.update(password)
    end

    final = m2.digest
  end

  # This is the bit that uses to64() in the original code.

  rearranged = ""

  [ [0, 6, 12], [1, 7, 13], [2, 8, 14], [3, 9, 15], [4, 10, 5] ].each do |a, b, c|

    v = final[a] << 16 | final[b] << 8 | final[c]

    4.times do
      rearranged += ITOA64[v & 0x3f].chr
      v >>= 6
    end
  end

  v = final[11]

  2.times do
    rearranged += ITOA64[v & 0x3f].chr
    v >>= 6
  end

  magic + salt + '$' + rearranged
end

.generate_salt(size) ⇒ Object

generate a size length random salt



168
169
170
 
# File 'lib/more/facets/crypt.rb', line 168

def self.generate_salt(size)
  (1..size).collect { ITOA64[rand(ITOA64.size)].chr }.join("")
end