passwordping 1.0.1 → 1.0.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.gitignore +1 -0
- data/lib/passwordping.rb +1 -4
- data/lib/passwordping/hashing.rb +43 -2
- data/lib/passwordping/version.rb +1 -1
- data/passwordping.gemspec +2 -0
- metadata +42 -3
- data/lib/digest/whirlpool.bundle +0 -0
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 4700c7b670bd2e343c643e3e5f64a2d7c8880cae
|
|
4
|
+
data.tar.gz: 228089e6bb3fad5d660c71f10adb4cec2a109408
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c2b2c0cce6c5f209a3b9ddcceffd7d76a1dc2747a51f7eb6752e942719bdac7dfdd0c30e4aaff02c799c7df1c02276679395497d63a148a82e74fd50b40d7ab8
|
|
7
|
+
data.tar.gz: f3638fba98a5612b627495a616e90b21aafd732905917f129b4cfe2a0fe07b7bf6f385960538d2f9959cfc024b9fe1de8e57b6477d8fdfd17c83311dfcc14322
|
data/.gitignore
CHANGED
data/lib/passwordping.rb
CHANGED
|
@@ -123,10 +123,7 @@ module PasswordPing
|
|
|
123
123
|
password_hash = calc_password_hash(hash_spec["hashType"], password, hash_spec["salt"])
|
|
124
124
|
|
|
125
125
|
if (password_hash != nil)
|
|
126
|
-
|
|
127
|
-
|
|
128
|
-
just_hash = argon2_hash[argon2_hash.rindex('$') + 1 .. argon2_hash.length]
|
|
129
|
-
return Base64.decode64(just_hash).unpack('H*')[0]
|
|
126
|
+
return Hashing.argon2_raw(username + "$" + password_hash, salt)
|
|
130
127
|
else
|
|
131
128
|
return nil
|
|
132
129
|
end
|
data/lib/passwordping/hashing.rb
CHANGED
|
@@ -4,7 +4,7 @@ require 'bcrypt'
|
|
|
4
4
|
require 'unix_crypt'
|
|
5
5
|
require 'zlib'
|
|
6
6
|
require 'digest/whirlpool'
|
|
7
|
-
require '
|
|
7
|
+
require 'base64url'
|
|
8
8
|
|
|
9
9
|
module PasswordPing
|
|
10
10
|
class Hashing
|
|
@@ -155,6 +155,47 @@ module PasswordPing
|
|
|
155
155
|
return self.bcrypt(self.md5(to_hash), salt)
|
|
156
156
|
end
|
|
157
157
|
|
|
158
|
+
def self.argon2_raw(to_hash, salt)
|
|
159
|
+
time_cost = 3
|
|
160
|
+
mem_cost = 10
|
|
161
|
+
threads = 2
|
|
162
|
+
hash_length = 20
|
|
163
|
+
just_salt = salt
|
|
164
|
+
|
|
165
|
+
#$argon2i$v=19$m=65536,t=2,p=4$c29tZXNhbHQ$RdescudvJCsgt3ub+b+dWRWJTmaaJObG
|
|
166
|
+
if (salt[0..6] == "$argon2")
|
|
167
|
+
# looks like we specified algo info for argon2 in the salt
|
|
168
|
+
salt_values = salt.split("$")
|
|
169
|
+
just_salt = Base64URL.decode(salt_values[4])
|
|
170
|
+
cost_params = salt_values[3].split(",")
|
|
171
|
+
|
|
172
|
+
for param in cost_params
|
|
173
|
+
begin
|
|
174
|
+
param_parts = param.split("=")
|
|
175
|
+
if (param_parts[0] == "t")
|
|
176
|
+
time_cost = Integer(param_parts[1])
|
|
177
|
+
elsif (param_parts[0] == "m")
|
|
178
|
+
mem_cost = Math.log2(Integer(param_parts[1])).round
|
|
179
|
+
elsif (param_parts[0] == "p")
|
|
180
|
+
threads = Integer(param_parts[1])
|
|
181
|
+
elsif (param_parts[0] == "l")
|
|
182
|
+
hash_length = Integer(param_parts[1])
|
|
183
|
+
end
|
|
184
|
+
rescue ArgumentError
|
|
185
|
+
# ignore invalid params and just use default
|
|
186
|
+
end
|
|
187
|
+
end
|
|
188
|
+
|
|
189
|
+
if (salt_values[1] == "argon2i")
|
|
190
|
+
return Argon2Wrapper.hash_argon2i(to_hash, just_salt, time_cost, mem_cost, threads, hash_length)
|
|
191
|
+
else
|
|
192
|
+
return Argon2Wrapper.hash_argon2d(to_hash, just_salt, time_cost, mem_cost, threads, hash_length)
|
|
193
|
+
end
|
|
194
|
+
else
|
|
195
|
+
return Argon2Wrapper.hash_argon2d(to_hash, just_salt, time_cost, mem_cost, threads, hash_length)
|
|
196
|
+
end
|
|
197
|
+
end
|
|
198
|
+
|
|
158
199
|
def self.argon2(to_hash, salt)
|
|
159
200
|
time_cost = 3
|
|
160
201
|
mem_cost = 10
|
|
@@ -166,7 +207,7 @@ module PasswordPing
|
|
|
166
207
|
if (salt[0..6] == "$argon2")
|
|
167
208
|
# looks like we specified algo info for argon2 in the salt
|
|
168
209
|
salt_values = salt.split("$")
|
|
169
|
-
just_salt =
|
|
210
|
+
just_salt = Base64URL.decode(salt_values[4])
|
|
170
211
|
cost_params = salt_values[3].split(",")
|
|
171
212
|
|
|
172
213
|
for param in cost_params
|
data/lib/passwordping/version.rb
CHANGED
data/passwordping.gemspec
CHANGED
|
@@ -25,10 +25,12 @@ Gem::Specification.new do |spec|
|
|
|
25
25
|
spec.add_dependency 'rest-client', '~> 2.0', '>= 2.0.2'
|
|
26
26
|
spec.add_dependency 'bcrypt', '~> 3.1', '>= 3.1.11'
|
|
27
27
|
spec.add_dependency 'unix-crypt', '~> 1.3'
|
|
28
|
+
spec.add_dependency 'base64url', '~> 1.0', '>= 1.0.1'
|
|
28
29
|
|
|
29
30
|
spec.add_development_dependency "bundler", '~> 1.10', '>= 1.10.5'
|
|
30
31
|
spec.add_development_dependency "rake", '~> 10.4', '>= 10.4.2'
|
|
31
32
|
spec.add_development_dependency "test-unit", '~> 3.2', '>= 3.2.4'
|
|
32
33
|
spec.add_development_dependency "rake-compiler", '~> 1.0', '>= 1.0.4'
|
|
34
|
+
spec.add_development_dependency "io-console", '~> 0.4', '>= 0.4.6'
|
|
33
35
|
spec.extensions = ['ext/argon2-wrapper/extconf.rb', "ext/digest/whirlpool/extconf.rb" ]
|
|
34
36
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: passwordping
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0.
|
|
4
|
+
version: 1.0.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- PasswordPing
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2017-06-
|
|
11
|
+
date: 2017-06-09 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: ffi
|
|
@@ -92,6 +92,26 @@ dependencies:
|
|
|
92
92
|
- - "~>"
|
|
93
93
|
- !ruby/object:Gem::Version
|
|
94
94
|
version: '1.3'
|
|
95
|
+
- !ruby/object:Gem::Dependency
|
|
96
|
+
name: base64url
|
|
97
|
+
requirement: !ruby/object:Gem::Requirement
|
|
98
|
+
requirements:
|
|
99
|
+
- - "~>"
|
|
100
|
+
- !ruby/object:Gem::Version
|
|
101
|
+
version: '1.0'
|
|
102
|
+
- - ">="
|
|
103
|
+
- !ruby/object:Gem::Version
|
|
104
|
+
version: 1.0.1
|
|
105
|
+
type: :runtime
|
|
106
|
+
prerelease: false
|
|
107
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
108
|
+
requirements:
|
|
109
|
+
- - "~>"
|
|
110
|
+
- !ruby/object:Gem::Version
|
|
111
|
+
version: '1.0'
|
|
112
|
+
- - ">="
|
|
113
|
+
- !ruby/object:Gem::Version
|
|
114
|
+
version: 1.0.1
|
|
95
115
|
- !ruby/object:Gem::Dependency
|
|
96
116
|
name: bundler
|
|
97
117
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -172,6 +192,26 @@ dependencies:
|
|
|
172
192
|
- - ">="
|
|
173
193
|
- !ruby/object:Gem::Version
|
|
174
194
|
version: 1.0.4
|
|
195
|
+
- !ruby/object:Gem::Dependency
|
|
196
|
+
name: io-console
|
|
197
|
+
requirement: !ruby/object:Gem::Requirement
|
|
198
|
+
requirements:
|
|
199
|
+
- - "~>"
|
|
200
|
+
- !ruby/object:Gem::Version
|
|
201
|
+
version: '0.4'
|
|
202
|
+
- - ">="
|
|
203
|
+
- !ruby/object:Gem::Version
|
|
204
|
+
version: 0.4.6
|
|
205
|
+
type: :development
|
|
206
|
+
prerelease: false
|
|
207
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
208
|
+
requirements:
|
|
209
|
+
- - "~>"
|
|
210
|
+
- !ruby/object:Gem::Version
|
|
211
|
+
version: '0.4'
|
|
212
|
+
- - ">="
|
|
213
|
+
- !ruby/object:Gem::Version
|
|
214
|
+
version: 0.4.6
|
|
175
215
|
description: Ruby library for PasswordPing API
|
|
176
216
|
email:
|
|
177
217
|
- support@passwordping.com
|
|
@@ -276,7 +316,6 @@ files:
|
|
|
276
316
|
- ext/phc-winner-argon2/vs2015/Argon2RefGenKAT/Argon2RefGenKAT.vcxproj.filters
|
|
277
317
|
- ext/phc-winner-argon2/vs2015/Argon2RefTestCI/Argon2RefTestCI.vcxproj
|
|
278
318
|
- ext/phc-winner-argon2/vs2015/Argon2RefTestCI/Argon2RefTestCI.vcxproj.filters
|
|
279
|
-
- lib/digest/whirlpool.bundle
|
|
280
319
|
- lib/passwordping.rb
|
|
281
320
|
- lib/passwordping/argon2_wrapper_ffi.rb
|
|
282
321
|
- lib/passwordping/constants.rb
|
data/lib/digest/whirlpool.bundle
DELETED
|
Binary file
|