forgiva 1.0.1.3 → 1.0.1.4

Sign up to get free protection for your applications and to get access to all the features.
Files changed (9) hide show
  1. checksums.yaml +4 -4
  2. data/README.md +13 -0
  3. data/bin/forgiva +3 -1
  4. data/forgiva.gemspec +4 -2
  5. data/lib/forgiva.rb +8 -2
  6. data/lib/forgiva_commands.rb +8 -3
  7. data/lib/forgiva_test.rb +12 -4
  8. data/lib/testvectors.rb +26 -9
  9. metadata +16 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 6eea18fa057dc130bf24a605e77cb21234c7d4cb
4
- data.tar.gz: 13d03552aa15adb692d2b51f513de68b69e2a763
3
+ metadata.gz: 68b2ee29a36af7011dc08b12cd2e349a58e7051a
4
+ data.tar.gz: 50b85a2071572aaf2ac7512a1c25f6f40d8a62d8
5
5
  SHA512:
6
- metadata.gz: 0eb94f1d579590c611fd117ae256c75a0fa5b8ec1fdd681fe14364f74cdbffb056c834641fa1277af0178c45dcc6037035eedf968ac23c729a95f04c1cfd56ea
7
- data.tar.gz: cfab0220121da7cbabd4cbda407eece93b4524fbba833dd2a981b9f33d33adab9b3bf233f8540b007d4763b36e74af069d4193d65357e779954b2af52c06978a
6
+ metadata.gz: edf632949c2525c29ac37e04095bbe43bbec0b164542a1be02f8cf8f1dc909e97f78d9654818e8b6668d90333a67dd41ee036e8233d97bdb81d74272e2bfe5a8
7
+ data.tar.gz: bf252d1e773ca9944c9eb66396df81f0d1af258349596aee7537e62593e0ef1c347c607033f09dd1d298f0f6581729fe25537664c6590fc7748ce2181f0ad1a9
data/README.md CHANGED
@@ -80,10 +80,19 @@ Application Options:
80
80
  -c, --complexity=C_LEVEL 0-3 complexity level of password generation. (Default: 0)
81
81
  -e, --select-credentials Select host and account info from saved list of credentials. If just host or account specified then you get filtered credentials.
82
82
  -t, --test Runs core tests for the algorithm
83
+ -p, --scrypt Use scrypt algorithm to strengthen algorithm
83
84
  ```
84
85
 
86
+ ## Release notes
87
+
88
+ - 1.0.1.3 and 1.0.1.4
89
+ - Added scrypt support with -p/--scrypt option
90
+ - Fixed various parameter parsing bugs
91
+
85
92
  ## Algorithm
86
93
 
94
+ (Note: After 1.0.1.4 version, SCrypt support added)
95
+
87
96
  Forgiva uses following digest and encryption algorithm to complex password
88
97
  generation phases:
89
98
 
@@ -201,11 +210,15 @@ Forgiva uses PBKDF2-HMAC as base of the key-derivation family and uses **forgiva
201
210
 
202
211
  Depending on choices of the complexity it uses SHA1 (Normal),SHA256 (Intermediate) and SHA512 (Advanced) hashing algorithms.
203
212
 
213
+ Note: After 1.0.1.4 Algorithm; SCrypt support added
214
+
204
215
  ```
205
216
  algorithm key-derivation
206
217
  Input: forgiva-encrypted-inputs as SALT, SHA512 value of master key as KEY
207
218
  Output: Array of password sized of animal count
208
219
  hash = KEY
220
+ if scrypt_required
221
+ hash = scrypt(hash,SALT,131072,8,1) // n = 2^7 , p=8, r=1
209
222
  for each Animal
210
223
  hash = PBKDF2_HMAC_SHA1(hash,SALT, 10.000 iterationg with 32 bit key expectation)
211
224
  password = forgiva-hash-to-password(hash)
data/bin/forgiva CHANGED
@@ -15,7 +15,7 @@ BANNER = Constants::COLOR_CYA + "\n .-\" L_ " +
15
15
 
16
16
  USAGE = <<ENDUSAGE
17
17
  Usage:
18
- forgiva [-h HOST] [-a ACCOUNT-ID] [-l LENGTH] [-s] [-c [1-3]] [-e] [OPTION...]
18
+ forgiva [-h HOST] [-a ACCOUNT-ID] [-l LENGTH] [-s] [-c [1-3]] [-e] [-p] [OPTION...]
19
19
  ENDUSAGE
20
20
 
21
21
  HELP = <<ENDHELP
@@ -32,6 +32,7 @@ Application Options:
32
32
  \t-c, --complexity=C_LEVEL 0-3 complexity level of password generation. (Default: 0)
33
33
  \t-e, --select-credentials Select host and account info from saved list of credentials. If just host or account specified then you get filtered credentials.
34
34
  \t-t, --test Runs core tests for the algorithm
35
+ \t-p, --scrypt Use scrypt algorithm to strengthen algorithm
35
36
  ENDHELP
36
37
 
37
38
 
@@ -74,6 +75,7 @@ t_hash_args = Hash[ ARGV.join(" ").
74
75
  gsub("-e","-e 0").
75
76
  gsub("-t","-t 0").
76
77
  gsub("-s","-s 0").
78
+ gsub("-p","-p 0").
77
79
  scan(/--?([^=\s]+)(?:[=\s+]?([^-]\S+))?/) ]
78
80
 
79
81
 
data/forgiva.gemspec CHANGED
@@ -1,7 +1,7 @@
1
1
  Gem::Specification.new do |gem|
2
2
  gem.name = 'forgiva'
3
- gem.version = '1.0.1.3'
4
- gem.date = '2016-09-31'
3
+ gem.version = '1.0.1.4'
4
+ gem.date = '2016-10-03'
5
5
 
6
6
  gem.summary = 'Forgiva'
7
7
  gem.description = 'The new-age password manager.'
@@ -16,6 +16,8 @@ Gem::Specification.new do |gem|
16
16
  gem.files = `git ls-files`.split("\n")
17
17
 
18
18
  gem.add_runtime_dependency 'highline', '~> 1.6', '>= 1.6.20'
19
+ gem.add_runtime_dependency 'scrypt'
20
+
19
21
 
20
22
  gem.add_development_dependency 'rubocop', '~> 0.26'
21
23
  end
data/lib/forgiva.rb CHANGED
@@ -2,18 +2,20 @@
2
2
  require 'openssl'
3
3
  require 'highline/import'
4
4
  require 'constants'
5
+ require 'scrypt'
5
6
 
6
7
  # Password generation from 4 inputs
7
8
  class Forgiva
8
- attr_accessor :hostname, :account, :renewal_date, :master_password, :complexity, :length
9
+ attr_accessor :hostname, :account, :renewal_date, :master_password, :complexity, :length, :use_scrypt
9
10
 
10
- def initialize(hostname, account, renewal_date, master_password, complexity, length)
11
+ def initialize(hostname, account, renewal_date, master_password, complexity, length, use_scrypt)
11
12
  @hostname = hostname
12
13
  @account = account
13
14
  @renewal_date = renewal_date
14
15
  @master_password = master_password
15
16
  @complexity = complexity
16
17
  @length = length
18
+ @use_scrypt = use_scrypt
17
19
  end
18
20
 
19
21
  def passwords
@@ -43,6 +45,10 @@ class Forgiva
43
45
 
44
46
  puts "ENC KEY: #{key.unpack('H*')}" if Constants::DEBUG_OUTPUT
45
47
 
48
+ if (@use_scrypt) then
49
+ key = SCrypt::Engine.scrypt(key,salt,131072,8,1,32)
50
+ end
51
+
46
52
 
47
53
  Constants::ANIMALS.each do |a|
48
54
  # For every other animal we re-run pbkdf2 hmac with sha1 over key
data/lib/forgiva_commands.rb CHANGED
@@ -91,13 +91,14 @@ class ForgivaCommands
91
91
  init_length
92
92
  init_master_password
93
93
  init_complexity
94
+ init_scrypt
94
95
 
95
96
  puts Constants::COLOR_GRN + "Generating..." + Constants::COLOR_RST
96
97
  puts ""
97
98
 
98
99
  record if record?
99
100
 
100
- passwords = make_passwords(@hostname, @account, @renewal_date, @master_password, @complexity, @length)
101
+ passwords = make_passwords(@hostname, @account, @renewal_date, @master_password, @complexity, @length, @use_scrypt)
101
102
 
102
103
  if animals.length > 1
103
104
  Constants::ANIMALS.each { |a| puts "#{Constants::COLOR_YEL}#{a}#{Constants::COLOR_RST}\t#{Constants::COLOR_BRI}#{passwords[a]}#{Constants::COLOR_RST}" }
@@ -114,6 +115,10 @@ class ForgivaCommands
114
115
  hash_args.key?('e') || hash_args.key?('select-credentials')
115
116
  end
116
117
 
118
+ def init_scrypt
119
+ @use_scrypt = (hash_args['p'] != nil || hash_args['scrypt'] != nil)
120
+ end
121
+
117
122
  def init_length
118
123
  @length = 16
119
124
  @length = hash_args['l'].to_i if hash_args['l'] != nil
@@ -178,8 +183,8 @@ class ForgivaCommands
178
183
 
179
184
  end
180
185
 
181
- def make_passwords(hostname, account, renewal_date, master_password, complexity,length)
182
- Forgiva.new(hostname, account, renewal_date, master_password,complexity,length).passwords
186
+ def make_passwords(hostname, account, renewal_date, master_password, complexity,length,use_scrypt)
187
+ Forgiva.new(hostname, account, renewal_date, master_password,complexity,length,use_scrypt).passwords
183
188
  end
184
189
 
185
190
 
data/lib/forgiva_test.rb CHANGED
@@ -34,9 +34,13 @@ class ForgivaTest
34
34
 
35
35
  TestVectors::FG_TESTS.each do |test_vec|
36
36
 
37
+ for i in 0..1 do
37
38
  puts "#{Constants::COLOR_GRN} Testing forgiva #{Constants::COLOR_BLU} #{test_vec[:host]} " \
38
39
  <<"/ #{test_vec[:account]} / #{test_vec[:renewal_date]} / #{Constants::COLOR_MGN} #{test_vec[:animal_name]} #{Constants::COLOR_GRN} " \
39
- <<" on complexity #{test_vec[:complexity]} #{Constants::COLOR_RST}"
40
+ <<" on complexity #{test_vec[:complexity]} #{Constants::COLOR_RST}" \
41
+ <<"#{Constants::COLOR_YEL}" \
42
+ << (i == 1 ? "+SCRYPT" : "") \
43
+ << "#{Constants::COLOR_RST}"
40
44
 
41
45
  p_hash = OpenSSL::Digest.digest("sha512",test_vec[:master_key])
42
46
 
@@ -45,16 +49,20 @@ class ForgivaTest
45
49
  test_vec[:renewal_date],
46
50
  p_hash,
47
51
  test_vec[:complexity],
48
- 16).passwords
52
+ 16,
53
+ i == 1
54
+ ).passwords
49
55
 
50
56
  g_pass = passes[test_vec[:animal_name]].unpack('H*')[0]
51
57
 
58
+ expected = (i == 0 ? test_vec[:expected_password_hash] : test_vec[:expected_password_hash_scrypt])
52
59
 
53
- if (g_pass.downcase != test_vec[:expected_password_hash]) then
54
- puts "#{Constants::COLOR_RED} FAILED: (Expected: #{test_vec[:expected_password_hash]}) #{Constants::COLOR_RST} #{g_pass}"
60
+ if (g_pass.downcase != expected) then
61
+ puts "#{Constants::COLOR_RED} FAILED: (Expected: #{expected}) #{Constants::COLOR_RST} #{g_pass}"
55
62
  else
56
63
  puts "#{Constants::COLOR_GRN}! SUCCESS: (#{g_pass}) #{Constants::COLOR_RST}"
57
64
  end
65
+ end
58
66
 
59
67
 
60
68
  end
data/lib/testvectors.rb CHANGED
@@ -9,7 +9,9 @@ module TestVectors
9
9
  :master_key => "forgiva_rockz_all_the_fuck1ng_t1m3",
10
10
  :complexity => Constants::FORGIVA_PG_SIMPLE,
11
11
  :animal_name => "Ape",
12
- :expected_password_hash => "797036592a475f78444c6153504d3757"},
12
+ :expected_password_hash => "797036592a475f78444c6153504d3757",
13
+ :expected_password_hash_scrypt => "466b74674d645a4d6939302a6e56797a"
14
+ },
13
15
 
14
16
  ## facebook.com - root
15
17
  {:host => "facebook.com",
@@ -18,7 +20,8 @@ module TestVectors
18
20
  :master_key => "forgiva_rockz_all_the_fuck1ng_t1m3",
19
21
  :complexity => Constants::FORGIVA_PG_INTERMEDIATE,
20
22
  :animal_name => "Bat",
21
- :expected_password_hash => "5544245f2b72682e4635765040416a49"
23
+ :expected_password_hash => "5544245f2b72682e4635765040416a49",
24
+ :expected_password_hash_scrypt => "354b223d3b6c246733386c2d6674283d"
22
25
 
23
26
  },
24
27
 
@@ -29,7 +32,8 @@ module TestVectors
29
32
  :master_key => "forgiva_rockz_all_the_fuck1ng_t1m3",
30
33
  :complexity => Constants::FORGIVA_PG_ADVANCED,
31
34
  :animal_name => "Bear",
32
- :expected_password_hash => "4f5c7653513251417a675949284c5539"
35
+ :expected_password_hash => "4f5c7653513251417a675949284c5539",
36
+ :expected_password_hash_scrypt => "587a796a7c40267426637b694d345459"
33
37
 
34
38
  },
35
39
 
@@ -40,8 +44,11 @@ module TestVectors
40
44
  :master_key => "forgiva_rockz_all_the_fuck1ng_t1m3",
41
45
  :complexity => Constants::FORGIVA_PG_SIMPLE,
42
46
  :animal_name => "Whale",
43
- :expected_password_hash => "6465635a675374322f47695051464157"
47
+ :expected_password_hash => "6465635a675374322f47695051464157",
48
+ :expected_password_hash_scrypt => "496375392e63486a59434473334d6169"
44
49
  },
50
+
51
+
45
52
 
46
53
  ## microsoft.com - toor
47
54
  {:host => "microsoft.com",
@@ -50,9 +57,11 @@ module TestVectors
50
57
  :master_key => "forgiva_rockz_all_the_fuck1ng_t1m3",
51
58
  :complexity => Constants::FORGIVA_PG_INTERMEDIATE,
52
59
  :animal_name => "Crow",
53
- :expected_password_hash => "4d314573586d403649672970786d7133"
60
+ :expected_password_hash => "4d314573586d403649672970786d7133",
61
+ :expected_password_hash_scrypt => "3e51542a4d364d31657673467c6d4728"
54
62
  },
55
63
 
64
+
56
65
  ## 192.168.0.1 - root
57
66
  {:host => "192.168.0.1",
58
67
  :account => "root",
@@ -60,9 +69,12 @@ module TestVectors
60
69
  :master_key => "forgiva_rockz_all_the_fuck1ng_t1m3",
61
70
  :complexity => Constants::FORGIVA_PG_ADVANCED,
62
71
  :animal_name => "Dog",
63
- :expected_password_hash => "2c376d234a7a6c4d6f785c34494a672a"
72
+ :expected_password_hash => "2c376d234a7a6c4d6f785c34494a672a",
73
+ :expected_password_hash_scrypt => "4939c2a232217c5c405a6c714e76552566"
64
74
  },
65
75
 
76
+
77
+
66
78
  ## 10.0.0.2:22 - root
67
79
  {:host => "10.0.0.2:22",
68
80
  :account => "root",
@@ -70,10 +82,13 @@ module TestVectors
70
82
  :master_key => "forgiva_rockz_all_the_fuck1ng_t1m3",
71
83
  :complexity => Constants::FORGIVA_PG_SIMPLE,
72
84
  :animal_name => "Duck",
73
- :expected_password_hash => "6440562a36375065693646396e312c4b"
85
+ :expected_password_hash => "6440562a36375065693646396e312c4b",
86
+ :expected_password_hash_scrypt => "345057425a5133756c5965745f7a7054"
74
87
 
75
88
  },
76
89
 
90
+
91
+
77
92
  ## 10.0.0.2:22 - k3ym4k3r
78
93
  {:host => "10.0.0.2:22",
79
94
  :account => "k3ym4k3r",
@@ -81,7 +96,8 @@ module TestVectors
81
96
  :master_key => "forgiva_rockz_all_the_fuck1ng_t1m3",
82
97
  :complexity => Constants::FORGIVA_PG_INTERMEDIATE,
83
98
  :animal_name => "Cat",
84
- :expected_password_hash => "78435f57566e2f53535f2e617738293b"
99
+ :expected_password_hash => "78435f57566e2f53535f2e617738293b",
100
+ :expected_password_hash_scrypt => "5c624f23723e704673452530773e3144"
85
101
 
86
102
  },
87
103
 
@@ -92,7 +108,8 @@ module TestVectors
92
108
  :master_key => "forgiva_rockz_all_the_fuck1ng_t1m3",
93
109
  :complexity => Constants::FORGIVA_PG_ADVANCED,
94
110
  :animal_name => "Wasp",
95
- :expected_password_hash => "54534a582b265f337e2e43403b536861"
111
+ :expected_password_hash => "54534a582b265f337e2e43403b536861",
112
+ :expected_password_hash_scrypt => "332b2541364e306537704e4551763938"
96
113
  }].freeze
97
114
 
98
115
  FA_TESTS = [{:is_encryption_algorithm => true,
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: forgiva
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.1.3
4
+ version: 1.0.1.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - Harun Esur
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2016-10-01 00:00:00.000000000 Z
11
+ date: 2016-10-03 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: highline
@@ -30,6 +30,20 @@ dependencies:
30
30
  - - ">="
31
31
  - !ruby/object:Gem::Version
32
32
  version: 1.6.20
33
+ - !ruby/object:Gem::Dependency
34
+ name: scrypt
35
+ requirement: !ruby/object:Gem::Requirement
36
+ requirements:
37
+ - - ">="
38
+ - !ruby/object:Gem::Version
39
+ version: '0'
40
+ type: :runtime
41
+ prerelease: false
42
+ version_requirements: !ruby/object:Gem::Requirement
43
+ requirements:
44
+ - - ">="
45
+ - !ruby/object:Gem::Version
46
+ version: '0'
33
47
  - !ruby/object:Gem::Dependency
34
48
  name: rubocop
35
49
  requirement: !ruby/object:Gem::Requirement