Class: PasswordPing::Hashing

Inherits:
Object
  • Object
show all
Defined in:
lib/passwordping/hashing.rb

Class Method Summary collapse

Class Method Details

.argon2(to_hash, salt) ⇒ Object 



201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
 
# File 'lib/passwordping/hashing.rb', line 201

def self.argon2(to_hash, salt)
  time_cost = 3
  mem_cost = 10
  threads = 2
  hash_length = 20
  just_salt = salt

  #$argon2i$v=19$m=65536,t=2,p=4$c29tZXNhbHQ$RdescudvJCsgt3ub+b+dWRWJTmaaJObG
  if (salt[0..6] == '$argon2')
    # looks like we specified algo info for argon2 in the salt
    salt_values = salt.split('$')
    just_salt = Base64URL.decode(salt_values[4])
    cost_params = salt_values[3].split(',')

    for param in cost_params
      begin
        param_parts = param.split('=')
        if (param_parts[0] == 't')
          time_cost = Integer(param_parts[1])
        elsif (param_parts[0] == 'm')
          mem_cost = (Math.log10(Integer(param_parts[1])) / 0.30103).round
        elsif (param_parts[0] == 'p')
          threads = Integer(param_parts[1])
        elsif (param_parts[0] == 'l')
          hash_length = Integer(param_parts[1])
        end
      rescue ArgumentError
        # ignore invalid params and just use default
      end
    end

    if (salt_values[1] == 'argon2i')
      return Argon2Wrapper.hash_argon2i_encode(to_hash, just_salt, time_cost, mem_cost, threads, hash_length)
    else
      return Argon2Wrapper.hash_argon2d_encode(to_hash, just_salt, time_cost, mem_cost, threads, hash_length)
    end
  else
    return Argon2Wrapper.hash_argon2d_encode(to_hash, just_salt, time_cost, mem_cost, threads, hash_length)
  end
end

.argon2_raw(to_hash, salt) ⇒ Object 



160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
 
# File 'lib/passwordping/hashing.rb', line 160

def self.argon2_raw(to_hash, salt)
  time_cost = 3
  mem_cost = 10
  threads = 2
  hash_length = 20
  just_salt = salt

  #$argon2i$v=19$m=65536,t=2,p=4$c29tZXNhbHQ$RdescudvJCsgt3ub+b+dWRWJTmaaJObG
  if (salt[0..6] == '$argon2')
    # looks like we specified algo info for argon2 in the salt
    salt_values = salt.split('$')
    just_salt = Base64URL.decode(salt_values[4])
    cost_params = salt_values[3].split(',')

    for param in cost_params
      begin
        param_parts = param.split('=')
        if (param_parts[0] == 't')
          time_cost = Integer(param_parts[1])
        elsif (param_parts[0] == 'm')
          mem_cost = (Math.log10(Integer(param_parts[1])) / 0.30103).round
        elsif (param_parts[0] == 'p')
          threads = Integer(param_parts[1])
        elsif (param_parts[0] == 'l')
          hash_length = Integer(param_parts[1])
        end
      rescue ArgumentError
        # ignore invalid params and just use default
      end
    end

    if (salt_values[1] == 'argon2i')
      return Argon2Wrapper.hash_argon2i(to_hash, just_salt, time_cost, mem_cost, threads, hash_length)
    else
      return Argon2Wrapper.hash_argon2d(to_hash, just_salt, time_cost, mem_cost, threads, hash_length)
    end
  else
    return Argon2Wrapper.hash_argon2d(to_hash, just_salt, time_cost, mem_cost, threads, hash_length)
  end
end

.bcrypt(to_hash, salt) ⇒ Object 



68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
 
# File 'lib/passwordping/hashing.rb', line 68

def self.bcrypt(to_hash, salt)
  # if salt starts with $2y$, first replace with $2a$
  if salt[0..3] == '$2y$'
    y_variant = true
    checked_salt = '$2a$' + salt[4..-1]
  else
    y_variant = false
    checked_salt = salt
  end

  result = BCrypt::Engine.hash_secret(to_hash, checked_salt)

  if y_variant
    # replace with $2y$
    result = '$2y$' + result[4..-1]
  end

  return result
end

.bytes_to_hex(bytes) ⇒ Object 



252
253
254
 
# File 'lib/passwordping/hashing.rb', line 252

def self.bytes_to_hex(bytes)
  return bytes.pack('c*').unpack('H*')[0]
end

.crc32(to_hash) ⇒ Object 



56
57
58
 
# File 'lib/passwordping/hashing.rb', line 56

def self.crc32(to_hash)
  return Zlib.crc32(to_hash, 0).to_s(16)
end

.custom_algorithm1(to_hash, salt) ⇒ Object 



144
145
146
 
# File 'lib/passwordping/hashing.rb', line 144

def self.custom_algorithm1(to_hash, salt)
  return self.bytes_to_hex(self.xor(self.sha512_binary_array(to_hash + salt), self.whirlpool_binary_array(salt + to_hash)))
end

.custom_algorithm2(to_hash, salt) ⇒ Object 



148
149
150
 
# File 'lib/passwordping/hashing.rb', line 148

def self.custom_algorithm2(to_hash, salt)
  return self.md5(to_hash + salt)
end

.custom_algorithm4(to_hash, salt) ⇒ Object 



156
157
158
 
# File 'lib/passwordping/hashing.rb', line 156

def self.custom_algorithm4(to_hash, salt)
  return self.bcrypt(self.md5(to_hash), salt)
end

.hex_to_bytes(hex) ⇒ Object 



256
257
258
 
# File 'lib/passwordping/hashing.rb', line 256

def self.hex_to_bytes(hex)
  hex.scan(/../).map { |x| x.hex }.pack('c*')
end

.md5(to_hash) ⇒ Object 



12
13
14
 
# File 'lib/passwordping/hashing.rb', line 12

def self.md5(to_hash)
  return Digest::MD5.hexdigest to_hash
end

.md5_binary(to_hash) ⇒ Object 



16
17
18
 
# File 'lib/passwordping/hashing.rb', line 16

def self.md5_binary(to_hash)
  return Digest::MD5.digest(to_hash).bytes
end

.md5_binary_array(to_hash_bytes) ⇒ Object 



20
21
22
 
# File 'lib/passwordping/hashing.rb', line 20

def self.md5_binary_array(to_hash_bytes)
  return Digest::MD5.digest(to_hash_bytes.pack('c*')).bytes.collect
end

.md5crypt(to_hash, salt) ⇒ Object 



152
153
154
 
# File 'lib/passwordping/hashing.rb', line 152

def self.md5crypt(to_hash, salt)
  return UnixCrypt::MD5.build(to_hash, salt.start_with?('$1$') ? salt[3..salt.length] : salt);
end

.mybb(to_hash, salt) ⇒ Object 



60
61
62
 
# File 'lib/passwordping/hashing.rb', line 60

def self.mybb(to_hash, salt)
  return self.md5(self.md5(salt) + self.md5(to_hash))
end

.phpbb3(to_hash, salt) ⇒ Object 



88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
 
# File 'lib/passwordping/hashing.rb', line 88

def self.phpbb3(to_hash, salt)
  if !salt.start_with?('$H$')
    return ''
  end

  itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'
  to_hash_bytes = to_hash.bytes.collect
  count = 2**itoa64.index(salt[3])
  justsalt = salt[4..12]

  hash = self.md5_binary(justsalt + to_hash).collect
  loop do
    hash = self.md5_binary_array((hash << to_hash_bytes).flatten!)
    count = count - 1;
    break if count == 0
  end

  hashout = ''
  i = 0
  count = 16
  value = 0

  loop do
    value = hash[i] + (hash[i] < 0 ? 256 : 0)
    i = i + 1
    hashout = hashout + itoa64[value & 63].chr

    if i < count
      value = value | (hash[i] + (hash[i] < 0 ? 256 : 0)) << 8;
    end

    hashout = hashout + itoa64[(value >> 6) & 63].chr
    i = i + 1
    if (i >= count)
      break
    end

    if (i < count)
      value = value | (hash[i] + (hash[i] < 0 ? 256 : 0)) << 16
    end

    hashout = hashout + itoa64[(value >> 12) & 63].chr

    i = i + 1
    if (i >= count)
      break
    end

    hashout = hashout + itoa64[(value >> 18) & 63].chr

    break if i == count
  end

  return salt + hashout
end

.sha1(to_hash) ⇒ Object 



24
25
26
 
# File 'lib/passwordping/hashing.rb', line 24

def self.sha1(to_hash)
  return Digest::SHA1.hexdigest to_hash
end

.sha256(to_hash) ⇒ Object 



28
29
30
 
# File 'lib/passwordping/hashing.rb', line 28

def self.sha256(to_hash)
  return Digest::SHA256.hexdigest to_hash
end

.sha512(to_hash) ⇒ Object 



32
33
34
 
# File 'lib/passwordping/hashing.rb', line 32

def self.sha512(to_hash)
  return OpenSSL::Digest::SHA512.new(to_hash).hexdigest
end

.sha512_binary(to_hash) ⇒ Object 



36
37
38
 
# File 'lib/passwordping/hashing.rb', line 36

def self.sha512_binary(to_hash)
  return OpenSSL::Digest::SHA512.new(to_hash).digest
end

.sha512_binary_array(to_hash) ⇒ Object 



40
41
42
 
# File 'lib/passwordping/hashing.rb', line 40

def self.sha512_binary_array(to_hash)
  return OpenSSL::Digest::SHA512.new(to_hash).digest.bytes.collect
end

.vbulletin(to_hash, salt) ⇒ Object 



64
65
66
 
# File 'lib/passwordping/hashing.rb', line 64

def self.vbulletin(to_hash, salt)
  return self.md5(self.md5(to_hash) + salt)
end

.whirlpool(to_hash) ⇒ Object 



44
45
46
 
# File 'lib/passwordping/hashing.rb', line 44

def self.whirlpool(to_hash)
  return Digest::Whirlpool.hexdigest(to_hash)
end

.whirlpool_binary(to_hash) ⇒ Object 



48
49
50
 
# File 'lib/passwordping/hashing.rb', line 48

def self.whirlpool_binary(to_hash)
  return Digest::Whirlpool.digest(to_hash)
end

.whirlpool_binary_array(to_hash) ⇒ Object 



52
53
54
 
# File 'lib/passwordping/hashing.rb', line 52

def self.whirlpool_binary_array(to_hash)
  return Digest::Whirlpool.digest(to_hash).bytes.collect
end

.xor(byte_array1, byte_array2) ⇒ Object 



242
243
244
245
246
247
248
249
250
 
# File 'lib/passwordping/hashing.rb', line 242

def self.xor(byte_array1, byte_array2)
    result = Array.new(byte_array1.length);

    for i in 0..byte_array1.length - 1 do
        result[i] = byte_array1[i] ^ byte_array2[i];
    end

    return result;
end