passwordping 1.0.1 → 1.0.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.gitignore +1 -0
- data/lib/passwordping.rb +1 -4
- data/lib/passwordping/hashing.rb +43 -2
- data/lib/passwordping/version.rb +1 -1
- data/passwordping.gemspec +2 -0
- metadata +42 -3
- data/lib/digest/whirlpool.bundle +0 -0
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 4700c7b670bd2e343c643e3e5f64a2d7c8880cae
|
|
4
|
+
data.tar.gz: 228089e6bb3fad5d660c71f10adb4cec2a109408
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c2b2c0cce6c5f209a3b9ddcceffd7d76a1dc2747a51f7eb6752e942719bdac7dfdd0c30e4aaff02c799c7df1c02276679395497d63a148a82e74fd50b40d7ab8
|
|
7
|
+
data.tar.gz: f3638fba98a5612b627495a616e90b21aafd732905917f129b4cfe2a0fe07b7bf6f385960538d2f9959cfc024b9fe1de8e57b6477d8fdfd17c83311dfcc14322
|
data/.gitignore
CHANGED
data/lib/passwordping.rb
CHANGED
|
@@ -123,10 +123,7 @@ module PasswordPing
|
|
|
123
123
|
password_hash = calc_password_hash(hash_spec["hashType"], password, hash_spec["salt"])
|
|
124
124
|
|
|
125
125
|
if (password_hash != nil)
|
|
126
|
-
|
|
127
|
-
|
|
128
|
-
just_hash = argon2_hash[argon2_hash.rindex('$') + 1 .. argon2_hash.length]
|
|
129
|
-
return Base64.decode64(just_hash).unpack('H*')[0]
|
|
126
|
+
return Hashing.argon2_raw(username + "$" + password_hash, salt)
|
|
130
127
|
else
|
|
131
128
|
return nil
|
|
132
129
|
end
|
data/lib/passwordping/hashing.rb
CHANGED
|
@@ -4,7 +4,7 @@ require 'bcrypt'
|
|
|
4
4
|
require 'unix_crypt'
|
|
5
5
|
require 'zlib'
|
|
6
6
|
require 'digest/whirlpool'
|
|
7
|
-
require '
|
|
7
|
+
require 'base64url'
|
|
8
8
|
|
|
9
9
|
module PasswordPing
|
|
10
10
|
class Hashing
|
|
@@ -155,6 +155,47 @@ module PasswordPing
|
|
|
155
155
|
return self.bcrypt(self.md5(to_hash), salt)
|
|
156
156
|
end
|
|
157
157
|
|
|
158
|
+
def self.argon2_raw(to_hash, salt)
|
|
159
|
+
time_cost = 3
|
|
160
|
+
mem_cost = 10
|
|
161
|
+
threads = 2
|
|
162
|
+
hash_length = 20
|
|
163
|
+
just_salt = salt
|
|
164
|
+
|
|
165
|
+
#$argon2i$v=19$m=65536,t=2,p=4$c29tZXNhbHQ$RdescudvJCsgt3ub+b+dWRWJTmaaJObG
|
|
166
|
+
if (salt[0..6] == "$argon2")
|
|
167
|
+
# looks like we specified algo info for argon2 in the salt
|
|
168
|
+
salt_values = salt.split("$")
|
|
169
|
+
just_salt = Base64URL.decode(salt_values[4])
|
|
170
|
+
cost_params = salt_values[3].split(",")
|
|
171
|
+
|
|
172
|
+
for param in cost_params
|
|
173
|
+
begin
|
|
174
|
+
param_parts = param.split("=")
|
|
175
|
+
if (param_parts[0] == "t")
|
|
176
|
+
time_cost = Integer(param_parts[1])
|
|
177
|
+
elsif (param_parts[0] == "m")
|
|
178
|
+
mem_cost = Math.log2(Integer(param_parts[1])).round
|
|
179
|
+
elsif (param_parts[0] == "p")
|
|
180
|
+
threads = Integer(param_parts[1])
|
|
181
|
+
elsif (param_parts[0] == "l")
|
|
182
|
+
hash_length = Integer(param_parts[1])
|
|
183
|
+
end
|
|
184
|
+
rescue ArgumentError
|
|
185
|
+
# ignore invalid params and just use default
|
|
186
|
+
end
|
|
187
|
+
end
|
|
188
|
+
|
|
189
|
+
if (salt_values[1] == "argon2i")
|
|
190
|
+
return Argon2Wrapper.hash_argon2i(to_hash, just_salt, time_cost, mem_cost, threads, hash_length)
|
|
191
|
+
else
|
|
192
|
+
return Argon2Wrapper.hash_argon2d(to_hash, just_salt, time_cost, mem_cost, threads, hash_length)
|
|
193
|
+
end
|
|
194
|
+
else
|
|
195
|
+
return Argon2Wrapper.hash_argon2d(to_hash, just_salt, time_cost, mem_cost, threads, hash_length)
|
|
196
|
+
end
|
|
197
|
+
end
|
|
198
|
+
|
|
158
199
|
def self.argon2(to_hash, salt)
|
|
159
200
|
time_cost = 3
|
|
160
201
|
mem_cost = 10
|
|
@@ -166,7 +207,7 @@ module PasswordPing
|
|
|
166
207
|
if (salt[0..6] == "$argon2")
|
|
167
208
|
# looks like we specified algo info for argon2 in the salt
|
|
168
209
|
salt_values = salt.split("$")
|
|
169
|
-
just_salt =
|
|
210
|
+
just_salt = Base64URL.decode(salt_values[4])
|
|
170
211
|
cost_params = salt_values[3].split(",")
|
|
171
212
|
|
|
172
213
|
for param in cost_params
|
data/lib/passwordping/version.rb
CHANGED
data/passwordping.gemspec
CHANGED
|
@@ -25,10 +25,12 @@ Gem::Specification.new do |spec|
|
|
|
25
25
|
spec.add_dependency 'rest-client', '~> 2.0', '>= 2.0.2'
|
|
26
26
|
spec.add_dependency 'bcrypt', '~> 3.1', '>= 3.1.11'
|
|
27
27
|
spec.add_dependency 'unix-crypt', '~> 1.3'
|
|
28
|
+
spec.add_dependency 'base64url', '~> 1.0', '>= 1.0.1'
|
|
28
29
|
|
|
29
30
|
spec.add_development_dependency "bundler", '~> 1.10', '>= 1.10.5'
|
|
30
31
|
spec.add_development_dependency "rake", '~> 10.4', '>= 10.4.2'
|
|
31
32
|
spec.add_development_dependency "test-unit", '~> 3.2', '>= 3.2.4'
|
|
32
33
|
spec.add_development_dependency "rake-compiler", '~> 1.0', '>= 1.0.4'
|
|
34
|
+
spec.add_development_dependency "io-console", '~> 0.4', '>= 0.4.6'
|
|
33
35
|
spec.extensions = ['ext/argon2-wrapper/extconf.rb', "ext/digest/whirlpool/extconf.rb" ]
|
|
34
36
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: passwordping
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0.
|
|
4
|
+
version: 1.0.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- PasswordPing
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2017-06-
|
|
11
|
+
date: 2017-06-09 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: ffi
|
|
@@ -92,6 +92,26 @@ dependencies:
|
|
|
92
92
|
- - "~>"
|
|
93
93
|
- !ruby/object:Gem::Version
|
|
94
94
|
version: '1.3'
|
|
95
|
+
- !ruby/object:Gem::Dependency
|
|
96
|
+
name: base64url
|
|
97
|
+
requirement: !ruby/object:Gem::Requirement
|
|
98
|
+
requirements:
|
|
99
|
+
- - "~>"
|
|
100
|
+
- !ruby/object:Gem::Version
|
|
101
|
+
version: '1.0'
|
|
102
|
+
- - ">="
|
|
103
|
+
- !ruby/object:Gem::Version
|
|
104
|
+
version: 1.0.1
|
|
105
|
+
type: :runtime
|
|
106
|
+
prerelease: false
|
|
107
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
108
|
+
requirements:
|
|
109
|
+
- - "~>"
|
|
110
|
+
- !ruby/object:Gem::Version
|
|
111
|
+
version: '1.0'
|
|
112
|
+
- - ">="
|
|
113
|
+
- !ruby/object:Gem::Version
|
|
114
|
+
version: 1.0.1
|
|
95
115
|
- !ruby/object:Gem::Dependency
|
|
96
116
|
name: bundler
|
|
97
117
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -172,6 +192,26 @@ dependencies:
|
|
|
172
192
|
- - ">="
|
|
173
193
|
- !ruby/object:Gem::Version
|
|
174
194
|
version: 1.0.4
|
|
195
|
+
- !ruby/object:Gem::Dependency
|
|
196
|
+
name: io-console
|
|
197
|
+
requirement: !ruby/object:Gem::Requirement
|
|
198
|
+
requirements:
|
|
199
|
+
- - "~>"
|
|
200
|
+
- !ruby/object:Gem::Version
|
|
201
|
+
version: '0.4'
|
|
202
|
+
- - ">="
|
|
203
|
+
- !ruby/object:Gem::Version
|
|
204
|
+
version: 0.4.6
|
|
205
|
+
type: :development
|
|
206
|
+
prerelease: false
|
|
207
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
208
|
+
requirements:
|
|
209
|
+
- - "~>"
|
|
210
|
+
- !ruby/object:Gem::Version
|
|
211
|
+
version: '0.4'
|
|
212
|
+
- - ">="
|
|
213
|
+
- !ruby/object:Gem::Version
|
|
214
|
+
version: 0.4.6
|
|
175
215
|
description: Ruby library for PasswordPing API
|
|
176
216
|
email:
|
|
177
217
|
- support@passwordping.com
|
|
@@ -276,7 +316,6 @@ files:
|
|
|
276
316
|
- ext/phc-winner-argon2/vs2015/Argon2RefGenKAT/Argon2RefGenKAT.vcxproj.filters
|
|
277
317
|
- ext/phc-winner-argon2/vs2015/Argon2RefTestCI/Argon2RefTestCI.vcxproj
|
|
278
318
|
- ext/phc-winner-argon2/vs2015/Argon2RefTestCI/Argon2RefTestCI.vcxproj.filters
|
|
279
|
-
- lib/digest/whirlpool.bundle
|
|
280
319
|
- lib/passwordping.rb
|
|
281
320
|
- lib/passwordping/argon2_wrapper_ffi.rb
|
|
282
321
|
- lib/passwordping/constants.rb
|
data/lib/digest/whirlpool.bundle
DELETED
|
Binary file
|