Class: PasswordPing::Hashing

Inherits:
Object
  • Object
show all
Defined in:
lib/passwordping/hashing.rb

Class Method Summary collapse

Class Method Details

.argon2(to_hash, salt) ⇒ Object 



199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
 
# File 'lib/passwordping/hashing.rb', line 199

def self.argon2(to_hash, salt)
  time_cost = 3
  mem_cost = 10
  threads = 2
  hash_length = 20
  just_salt = salt

  #$argon2i$v=19$m=65536,t=2,p=4$c29tZXNhbHQ$RdescudvJCsgt3ub+b+dWRWJTmaaJObG
  if (salt[0..6] == "$argon2")
    # looks like we specified algo info for argon2 in the salt
    salt_values = salt.split("$")
    just_salt = Base64URL.decode(salt_values[4])
    cost_params = salt_values[3].split(",")

    for param in cost_params
      begin
        param_parts = param.split("=")
        if (param_parts[0] == "t")
          time_cost = Integer(param_parts[1])
        elsif (param_parts[0] == "m")
          mem_cost = Math.log2(Integer(param_parts[1])).round
        elsif (param_parts[0] == "p")
          threads = Integer(param_parts[1])
        elsif (param_parts[0] == "l")
          hash_length = Integer(param_parts[1])
        end
      rescue ArgumentError
        # ignore invalid params and just use default
      end
    end

    if (salt_values[1] == "argon2i")
      return Argon2Wrapper.hash_argon2i_encode(to_hash, just_salt, time_cost, mem_cost, threads, hash_length)
    else
      return Argon2Wrapper.hash_argon2d_encode(to_hash, just_salt, time_cost, mem_cost, threads, hash_length)
    end
  else
    return Argon2Wrapper.hash_argon2d_encode(to_hash, just_salt, time_cost, mem_cost, threads, hash_length)
  end
end

.argon2_raw(to_hash, salt) ⇒ Object 



158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
 
# File 'lib/passwordping/hashing.rb', line 158

def self.argon2_raw(to_hash, salt)
  time_cost = 3
  mem_cost = 10
  threads = 2
  hash_length = 20
  just_salt = salt

  #$argon2i$v=19$m=65536,t=2,p=4$c29tZXNhbHQ$RdescudvJCsgt3ub+b+dWRWJTmaaJObG
  if (salt[0..6] == "$argon2")
    # looks like we specified algo info for argon2 in the salt
    salt_values = salt.split("$")
    just_salt = Base64URL.decode(salt_values[4])
    cost_params = salt_values[3].split(",")

    for param in cost_params
      begin
        param_parts = param.split("=")
        if (param_parts[0] == "t")
          time_cost = Integer(param_parts[1])
        elsif (param_parts[0] == "m")
          mem_cost = Math.log2(Integer(param_parts[1])).round
        elsif (param_parts[0] == "p")
          threads = Integer(param_parts[1])
        elsif (param_parts[0] == "l")
          hash_length = Integer(param_parts[1])
        end
      rescue ArgumentError
        # ignore invalid params and just use default
      end
    end

    if (salt_values[1] == "argon2i")
      return Argon2Wrapper.hash_argon2i(to_hash, just_salt, time_cost, mem_cost, threads, hash_length)
    else
      return Argon2Wrapper.hash_argon2d(to_hash, just_salt, time_cost, mem_cost, threads, hash_length)
    end
  else
    return Argon2Wrapper.hash_argon2d(to_hash, just_salt, time_cost, mem_cost, threads, hash_length)
  end
end

.bcrypt(to_hash, salt) ⇒ Object 



67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
 
# File 'lib/passwordping/hashing.rb', line 67

def self.bcrypt(to_hash, salt)
  # if salt starts with $2y$, first replace with $2a$
  if salt[0..3] == "$2y$"
    y_variant = true
    checked_salt = "$2a$" + salt[4..-1]
  else
    y_variant = false
    checked_salt = salt
  end

  result = BCrypt::Engine.hash_secret(to_hash, checked_salt)

  if y_variant
    # replace with $2y$
    result = "$2y$" + result[4..-1]
  end

  return result
end

.bytes_to_hex(bytes) ⇒ Object 



250
251
252
 
# File 'lib/passwordping/hashing.rb', line 250

def self.bytes_to_hex(bytes)
  return bytes.pack('c*').unpack('H*')[0]
end

.crc32(to_hash) ⇒ Object 



55
56
57
 
# File 'lib/passwordping/hashing.rb', line 55

def self.crc32(to_hash)
  return Zlib.crc32(to_hash, 0).to_s(16)
end

.custom_algorithm1(to_hash, salt) ⇒ Object 



142
143
144
 
# File 'lib/passwordping/hashing.rb', line 142

def self.custom_algorithm1(to_hash, salt)
  return self.bytes_to_hex(self.xor(self.sha512_binary_array(to_hash + salt), self.whirlpool_binary_array(salt + to_hash)))
end

.custom_algorithm2(to_hash, salt) ⇒ Object 



146
147
148
 
# File 'lib/passwordping/hashing.rb', line 146

def self.custom_algorithm2(to_hash, salt)
  return self.md5(to_hash + salt)
end

.custom_algorithm4(to_hash, salt) ⇒ Object 



154
155
156
 
# File 'lib/passwordping/hashing.rb', line 154

def self.custom_algorithm4(to_hash, salt)
  return self.bcrypt(self.md5(to_hash), salt)
end

.hex_to_bytes(hex) ⇒ Object 



254
255
256
 
# File 'lib/passwordping/hashing.rb', line 254

def self.hex_to_bytes(hex)
  hex.scan(/../).map { |x| x.hex }.pack('c*')
end

.md5(to_hash) ⇒ Object 



11
12
13
 
# File 'lib/passwordping/hashing.rb', line 11

def self.md5(to_hash)
  return Digest::MD5.hexdigest to_hash
end

.md5_binary(to_hash) ⇒ Object 



15
16
17
 
# File 'lib/passwordping/hashing.rb', line 15

def self.md5_binary(to_hash)
  return Digest::MD5.digest(to_hash).bytes
end

.md5_binary_array(to_hash_bytes) ⇒ Object 



19
20
21
 
# File 'lib/passwordping/hashing.rb', line 19

def self.md5_binary_array(to_hash_bytes)
  return Digest::MD5.digest(to_hash_bytes.pack('c*')).bytes
end

.md5crypt(to_hash, salt) ⇒ Object 



150
151
152
 
# File 'lib/passwordping/hashing.rb', line 150

def self.md5crypt(to_hash, salt)
  return UnixCrypt::MD5.build(to_hash, salt.start_with?("$1$") ? salt[3..salt.length] : salt);
end

.mybb(to_hash, salt) ⇒ Object 



59
60
61
 
# File 'lib/passwordping/hashing.rb', line 59

def self.mybb(to_hash, salt)
  return self.md5(self.md5(salt) + self.md5(to_hash))
end

.phpbb3(to_hash, salt) ⇒ Object 



87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
 
# File 'lib/passwordping/hashing.rb', line 87

def self.phpbb3(to_hash, salt)
  if !salt.start_with?("$H$")
    return ""
  end

  itoa64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
  to_hash_bytes = to_hash.bytes
  count = 2**itoa64.index(salt[3])
  justsalt = salt[4..12]

  hash = self.md5_binary(justsalt + to_hash)
  loop do
    hash = self.md5_binary_array(hash.push(to_hash_bytes).flatten!)
    count = count - 1;
    break if count == 0
  end

  hashout = ""
  i = 0
  count = 16
  value = 0

  loop do
    value = hash[i] + (hash[i] < 0 ? 256 : 0)
    i = i + 1
    hashout = hashout + itoa64[value & 63]
    if i < count
      value = value | (hash[i] + (hash[i] < 0 ? 256 : 0)) << 8;
    end

    hashout = hashout + itoa64[(value >> 6) & 63]
    i = i + 1
    if (i >= count)
      break
    end

    if (i < count)
      value = value | (hash[i] + (hash[i] < 0 ? 256 : 0)) << 16
    end

    hashout = hashout + itoa64[(value >> 12) & 63]

    i = i + 1
    if (i >= count)
      break
    end

    hashout = hashout + itoa64[(value >> 18) & 63]

    break if i == count
  end

  return salt + hashout
end

.sha1(to_hash) ⇒ Object 



23
24
25
 
# File 'lib/passwordping/hashing.rb', line 23

def self.sha1(to_hash)
  return Digest::SHA1.hexdigest to_hash
end

.sha256(to_hash) ⇒ Object 



27
28
29
 
# File 'lib/passwordping/hashing.rb', line 27

def self.sha256(to_hash)
  return Digest::SHA256.hexdigest to_hash
end

.sha512(to_hash) ⇒ Object 



31
32
33
 
# File 'lib/passwordping/hashing.rb', line 31

def self.sha512(to_hash)
  return Digest::SHA512.hexdigest to_hash
end

.sha512_binary(to_hash) ⇒ Object 



35
36
37
 
# File 'lib/passwordping/hashing.rb', line 35

def self.sha512_binary(to_hash)
  return Digest::SHA512.digest to_hash
end

.sha512_binary_array(to_hash) ⇒ Object 



39
40
41
 
# File 'lib/passwordping/hashing.rb', line 39

def self.sha512_binary_array(to_hash)
  return Digest::SHA512.digest(to_hash).bytes
end

.vbulletin(to_hash, salt) ⇒ Object 



63
64
65
 
# File 'lib/passwordping/hashing.rb', line 63

def self.vbulletin(to_hash, salt)
  return self.md5(self.md5(to_hash) + salt)
end

.whirlpool(to_hash) ⇒ Object 



43
44
45
 
# File 'lib/passwordping/hashing.rb', line 43

def self.whirlpool(to_hash)
  return Digest::Whirlpool.hexdigest(to_hash)
end

.whirlpool_binary(to_hash) ⇒ Object 



47
48
49
 
# File 'lib/passwordping/hashing.rb', line 47

def self.whirlpool_binary(to_hash)
  return Digest::Whirlpool.digest(to_hash)
end

.whirlpool_binary_array(to_hash) ⇒ Object 



51
52
53
 
# File 'lib/passwordping/hashing.rb', line 51

def self.whirlpool_binary_array(to_hash)
  return Digest::Whirlpool.digest(to_hash).bytes
end

.xor(byte_array1, byte_array2) ⇒ Object 



240
241
242
243
244
245
246
247
248
 
# File 'lib/passwordping/hashing.rb', line 240

def self.xor(byte_array1, byte_array2)
    result = Array.new(byte_array1.length);

    for i in 0..byte_array1.length - 1 do
        result[i] = byte_array1[i] ^ byte_array2[i];
    end

    return result;
end