pog19 1.1.1
- data/CHANGELOG +45 -0
- data/LICENSE +201 -0
- data/NOTICE +12 -0
- data/README +66 -0
- data/Rakefile +121 -0
- data/SECURITY +36 -0
- data/VERSION +1 -0
- data/lib/character_ranges.rb +185 -0
- data/lib/encoding_translation.rb +53 -0
- data/lib/password.rb +329 -0
- data/lib/password_tests.rb +415 -0
- data/lib/pog.rb +21 -0
- data/lib/random_string_generator.rb +291 -0
- data/lib/salt.rb +135 -0
- data/lib/string.rb +15 -0
- data/pog1-9.gemspec +20 -0
- data/test/tc_password.rb +122 -0
- data/test/tc_password_tests.rb +209 -0
- data/test/tc_random_string_generator.rb +133 -0
- data/test/tc_salt.rb +78 -0
- metadata +84 -0
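--- a/data/CHANGELOG
+++ b/data/CHANGELOG
@@ -0,0 +1,45 @@
+= POG - Password Operations Gem
+== Changelog
+
+<b>Version 1.1</b>
+* Additional tests to complete 100% C0 code coverage according to rcov
+Note: In the grand-scheme-of-things, this really doesn't mean much.
+* sanitize method implemented to clear sensitive data from memory
+
+<b>Version 1.0</b>
+* API finalized, declared stable
+
+<b>Version 0.4.2</b> <em>Public Beta</em> rev 14
+* Added the Rakefile to the gem
+
+<b>Version 0.4.1</b> <em>Public Beta</em> rev 12
+* Added additional unit tests
+* Password.authenticate detects the format of the given hash (binary, hex, etc)
+* DRYed up hash generation and salting in Password
+* Salt now using RandomStringGenerator to generate random salts
+
+<b>Version 0.4</b> <em>Public Beta</em> rev 11
+* Added qualitative testing and entropy calculation (Feature Request 12813)
+* Added PasswordTests.default_test_params for getting a default set of test
+parameters
+* Added PasswordTests.test_minimum_non_alpha and
+PasswordTests.test_maximum_non_alpha
+
+<b>Version 0.3</b> <em>Public Beta</em> rev 6
+* Fixed Bug 12815
+* DRYed up password generation (created new RandomStringGenerator class)
+* removed Password.generate in favor of RandomStringGenerator class
+* Added WEP Key generation (Feature Request 12816)
+
+<b>Version 0.2.1</b> <em>Public Beta</em> rev 5
+* Fixed Bug 12487
+* Added functionality to call tests with arbitrary parameters.
+* Dewindified all source files (ie "\r\n" -> "\n")
+
+<b>Version 0.2</b> <em>Public Beta</em> rev 3
+* Wasn't precisely sure how to do the gemspec, but fixed the problem
+* Moved pog.rb into +lib+ directory
+* Added docs on how to use the gem (ie install and require)
+
+<b>Version 0.1</b> <em>Public Beta</em> rev 2
+* Initial Version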
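--- a/data/LICENSE
+++ b/data/LICENSE
@@ -0,0 +1,201 @@
+Apache License
+Version 2.0, January 2004
+http://www.apache.org/licenses/
+
+TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+1. Definitions.
+
+"License" shall mean the terms and conditions for use, reproduction,
+and distribution as defined by Sections 1 through 9 of this document.
+
+"Licensor" shall mean the copyright owner or entity authorized by
+the copyright owner that is granting the License.
+
+"Legal Entity" shall mean the union of the acting entity and all
+other entities that control, are controlled by, or are under common
+control with that entity. For the purposes of this definition,
+"control" means (i) the power, direct or indirect, to cause the
+direction or management of such entity, whether by contract or
+otherwise, or (ii) ownership of fifty percent (50%) or more of the
+outstanding shares, or (iii) beneficial ownership of such entity.
+
+"You" (or "Your") shall mean an individual or Legal Entity
+exercising permissions granted by this License.
+
+"Source" form shall mean the preferred form for making modifications,
+including but not limited to software source code, documentation
+source, and configuration files.
+
+"Object" form shall mean any form resulting from mechanical
+transformation or translation of a Source form, including but
+not limited to compiled object code, generated documentation,
+and conversions to other media types.
+
+"Work" shall mean the work of authorship, whether in Source or
+Object form, made available under the License, as indicated by a
+copyright notice that is included in or attached to the work
+(an example is provided in the Appendix below).
+
+"Derivative Works" shall mean any work, whether in Source or Object
+form, that is based on (or derived from) the Work and for which the
+editorial revisions, annotations, elaborations, or other modifications
+represent, as a whole, an original work of authorship. For the purposes
+of this License, Derivative Works shall not include works that remain
+separable from, or merely link (or bind by name) to the interfaces of,
+the Work and Derivative Works thereof.
+
+"Contribution" shall mean any work of authorship, including
+the original version of the Work and any modifications or additions
+to that Work or Derivative Works thereof, that is intentionally
+submitted to Licensor for inclusion in the Work by the copyright owner
+or by an individual or Legal Entity authorized to submit on behalf of
+the copyright owner. For the purposes of this definition, "submitted"
+means any form of electronic, verbal, or written communication sent
+to the Licensor or its representatives, including but not limited to
+communication on electronic mailing lists, source code control systems,
+and issue tracking systems that are managed by, or on behalf of, the
+Licensor for the purpose of discussing and improving the Work, but
+excluding communication that is conspicuously marked or otherwise
+designated in writing by the copyright owner as "Not a Contribution."
+
+"Contributor" shall mean Licensor and any individual or Legal Entity
+on behalf of whom a Contribution has been received by Licensor and
+subsequently incorporated within the Work.
+
+2. Grant of Copyright License. Subject to the terms and conditions of
+this License, each Contributor hereby grants to You a perpetual,
+worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+copyright license to reproduce, prepare Derivative Works of,
+publicly display, publicly perform, sublicense, and distribute the
+Work and such Derivative Works in Source or Object form.
+
+3. Grant of Patent License. Subject to the terms and conditions of
+this License, each Contributor hereby grants to You a perpetual,
+worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+(except as stated in this section) patent license to make, have made,
+use, offer to sell, sell, import, and otherwise transfer the Work,
+where such license applies only to those patent claims licensable
+by such Contributor that are necessarily infringed by their
+Contribution(s) alone or by combination of their Contribution(s)
+with the Work to which such Contribution(s) was submitted. If You
+institute patent litigation against any entity (including a
+cross-claim or counterclaim in a lawsuit) alleging that the Work
+or a Contribution incorporated within the Work constitutes direct
+or contributory patent infringement, then any patent licenses
+granted to You under this License for that Work shall terminate
+as of the date such litigation is filed.
+
+4. Redistribution. You may reproduce and distribute copies of the
+Work or Derivative Works thereof in any medium, with or without
+modifications, and in Source or Object form, provided that You
+meet the following conditions:
+
+(a) You must give any other recipients of the Work or
+Derivative Works a copy of this License; and
+
+(b) You must cause any modified files to carry prominent notices
+stating that You changed the files; and
+
+(c) You must retain, in the Source form of any Derivative Works
+that You distribute, all copyright, patent, trademark, and
+attribution notices from the Source form of the Work,
+excluding those notices that do not pertain to any part of
+the Derivative Works; and
+
+(d) If the Work includes a "NOTICE" text file as part of its
+distribution, then any Derivative Works that You distribute must
+include a readable copy of the attribution notices contained
+within such NOTICE file, excluding those notices that do not
+pertain to any part of the Derivative Works, in at least one
+of the following places: within a NOTICE text file distributed
+as part of the Derivative Works; within the Source form or
+documentation, if provided along with the Derivative Works; or,
+within a display generated by the Derivative Works, if and
+wherever such third-party notices normally appear. The contents
+of the NOTICE file are for informational purposes only and
+do not modify the License. You may add Your own attribution
+notices within Derivative Works that You distribute, alongside
+or as an addendum to the NOTICE text from the Work, provided
+that such additional attribution notices cannot be construed
+as modifying the License.
+
+You may add Your own copyright statement to Your modifications and
+may provide additional or different license terms and conditions
+for use, reproduction, or distribution of Your modifications, or
+for any such Derivative Works as a whole, provided Your use,
+reproduction, and distribution of the Work otherwise complies with
+the conditions stated in this License.
+
+5. Submission of Contributions. Unless You explicitly state otherwise,
+any Contribution intentionally submitted for inclusion in the Work
+by You to the Licensor shall be under the terms and conditions of
+this License, without any additional terms or conditions.
+Notwithstanding the above, nothing herein shall supersede or modify
+the terms of any separate license agreement you may have executed
+with Licensor regarding such Contributions.
+
+6. Trademarks. This License does not grant permission to use the trade
+names, trademarks, service marks, or product names of the Licensor,
+except as required for reasonable and customary use in describing the
+origin of the Work and reproducing the content of the NOTICE file.
+
+7. Disclaimer of Warranty. Unless required by applicable law or
+agreed to in writing, Licensor provides the Work (and each
+Contributor provides its Contributions) on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+implied, including, without limitation, any warranties or conditions
+of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+PARTICULAR PURPOSE. You are solely responsible for determining the
+appropriateness of using or redistributing the Work and assume any
+risks associated with Your exercise of permissions under this License.
+
+8. Limitation of Liability. In no event and under no legal theory,
+whether in tort (including negligence), contract, or otherwise,
+unless required by applicable law (such as deliberate and grossly
+negligent acts) or agreed to in writing, shall any Contributor be
+liable to You for damages, including any direct, indirect, special,
+incidental, or consequential damages of any character arising as a
+result of this License or out of the use or inability to use the
+Work (including but not limited to damages for loss of goodwill,
+work stoppage, computer failure or malfunction, or any and all
+other commercial damages or losses), even if such Contributor
+has been advised of the possibility of such damages.
+
+9. Accepting Warranty or Additional Liability. While redistributing
+the Work or Derivative Works thereof, You may choose to offer,
+and charge a fee for, acceptance of support, warranty, indemnity,
+or other liability obligations and/or rights consistent with this
+License. However, in accepting such obligations, You may act only
+on Your own behalf and on Your sole responsibility, not on behalf
+of any other Contributor, and only if You agree to indemnify,
+defend, and hold each Contributor harmless for any liability
+incurred by, or claims asserted against, such Contributor by reason
+of your accepting any such warranty or additional liability.
+
+END OF TERMS AND CONDITIONS
+
+APPENDIX: How to apply the Apache License to your work.
+
+To apply the Apache License to your work, attach the following
+boilerplate notice, with the fields enclosed by brackets "[]"
+replaced with your own identifying information. (Don't include
+the brackets!) The text should be enclosed in the appropriate
+comment syntax for the file format. We also recommend that a
+file or class name and description of purpose be included on the
+same "printed page" as the copyright notice for easier
+identification within third-party archives.
+
+Copyright [yyyy] [name of copyright owner]
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.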
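--- a/data/NOTICE
+++ b/data/NOTICE
@@ -0,0 +1,12 @@
+= POG - Password Operations Gem
+== Notice
+
+=== PasswordTests.qualitative_strength
+
+The algorithm is modified from
+http://phiras.wordpress.com/2007/04/08/password-strength-meter-a-jquery-plugin/
+
+=== PasswordTests.entropy
+
+The algorithm is modified from the formula in RFC 4086 on page 4
+(http://www.ietf.org/rfc/rfc4086.txt)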
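--- a/data/README
+++ b/data/README
@@ -0,0 +1,66 @@
+= POG - Password Operations Gem
+
+Copyright (c) 2007 Operis Systems, LLC
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+
+== What is POG?
+
+POG is a Ruby gem for simplifying password hashing and salting, password-hash authentication,
+password strength testing, and random password generation.
+
+
+== Using POG in your application
+
+1. Install the gem
+%> gem install pog
+2. Add the following line to your files
+require 'pog'
+3. You're ready. The best place to go from here is the documentation for the Password class.
+
+
+== Class Password
+
+Password encapsulates a password and provides functionality for hashing,
+hash-based authentication, and random password generation.
+
+
+== Class RandomStringGenerator
+
+RandomStringGenerator provides the functionality to generate random Strings.
+It could be called RandomPasswordGenerator.
+
+
+== Class Salt
+
+Salt encapsulates a password's salt and provides functionality for password
+salting and random salt generation.
+
+
+== Class PasswordTests
+
+PasswordTests provides functionality for testing strength of passwords.
+
+
+== Module CharacterRanges
+
+CharacterRanges provides preset ranges for sets of ASCII characters for random
+password generation. CharacterRanges is mixed into the Password and
+RandomStringGenerator classes.
+
+== Ruby Core Modifications
+
+=== String
+
+There is an added +sanitize+ method to completely sanitize a String from memory.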
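--- a/data/Rakefile
+++ b/data/Rakefile
@@ -0,0 +1,121 @@
+# Copyright (c) 2007-2008 Operis Systems, LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+##
+# First, the gemspec
+#
+require 'rubygems'
+
+spec = Gem::Specification.new do |s|
+# Informational Stuff
+s.name = 'pog'
+s.version = '1.1'
+s.summary = 'POG - Password Operations Gem'
+s.description = <<END_OF_DESC
+A Ruby gem for simplifying random password generation, password strength
+testing, password hashing and salting, and password-hash authentication.
+END_OF_DESC
+s.author = 'Operis Systems, LLC'
+s.email = 'support@operissystems.com'
+s.homepage = 'http://pog.rubyforge.org'
+s.rubyforge_project = 'pog'
+
+# Requirements
+s.required_ruby_version = '>= 1.8.6'
+s.platform = Gem::Platform::RUBY
+s.require_paths = [ 'lib' ]
+
+# Testing
+s.test_files = [ 'test/tc_salt.rb',
+'test/tc_password_tests.rb',
+'test/tc_password.rb',
+'test/tc_random_string_generator.rb']
+
+# Documentation
+s.has_rdoc = true
+s.extra_rdoc_files = [ 'README', 'LICENSE', 'CHANGELOG', 'NOTICE', 'SECURITY' ]
+
+# Files
+s.files = [ 'lib/random_string_generator.rb',
+'lib/character_ranges.rb',
+'lib/password_tests.rb',
+'lib/password.rb',
+'lib/salt.rb',
+'lib/pog.rb',
+'lib/string.rb',
+'lib/encoding_translation.rb',
+'Rakefile' ].push(s.test_files).push(s.extra_rdoc_files).flatten
+end
+
+##
+# Now the Rakefile
+#
+require 'rake'
+require 'rake/testtask'
+require 'rake/rdoctask'
+require 'rake/gempackagetask'
+require 'rcov/rcovtask'
+
+desc 'Default: run unit tests.'
+task :default => :test
+
+desc 'Run unit tests.'
+Rake::TestTask.new(:test) do |t|
+t.libs << 'lib'
+t.test_files = spec.test_files
+t.verbose = true
+end
+
+namespace :test do
+namespace :coverage do
+desc "Delete aggregate coverage data."
+task(:clean) { rm_f "test/coverage.data" }
+task(:clobber) {rm_r 'test/coverage'}
+end
+
+desc 'Aggregate code coverage for unit, functional and integration tests'
+task :coverage do
+puts `rcov test/*.rb --output test/coverage --exclude rcov.rb,activerecord,activesupport,tzinfo`
+# Rcov::RcovTask.new() do |t|
+# t.libs << "test"
+# t.test_files = FileList["test/*.rb"]
+# t.output_dir = "test/coverage"
+# t.verbose = true
+# t.rcov_opts << '--aggregate coverage.data'
+# end
+end
+end
+
+#desc 'Run tests on rand().'
+#Rake::TestTask.new(:test_rand) do |t|
+# t.test_files = 'test/rand_test.rb'
+# t.verbose = true
+#end
+
+desc 'Generate documentation.'
+task :doc => :rdoc
+task :redoc => :rerdoc
+desc 'Generate documentation.'
+Rake::RDocTask.new(:rdoc) do |rdoc|
+rdoc.rdoc_dir = 'doc'
+rdoc.title = spec.summary
+rdoc.options << '--line-numbers' << '--inline-source'
+spec.extra_rdoc_files.each { |f| rdoc.rdoc_files.include( f ) }
+rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+Rake::GemPackageTask.new(spec) do |pkg|
+pkg.need_zip = true
+pkg.need_tar = true
+end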
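Review bot: The gemspec embedded at the top of this Rakefile declares `s.name = 'pog'` and `s.version = '1.1'`, while the package under review is pog19 1.1.1, data/VERSION holds `1.1.1`, and a separate data/pog1-9.gemspec is listed alongside it. A gem built through the `Rake::GemPackageTask` at the bottom would therefore carry a different name and version from the published artifact, which makes it harder to trace a release back to its source. Reading the version from the shipped file, `s.version = File.read(File.join(File.dirname(__FILE__), 'VERSION')).strip`, or loading the shipped gemspec instead of redefining it, would leave one source of truth. Separately, the `:coverage` task runs rcov through backticks and only prints the output, so a failing test run does not fail the task; `sh 'rcov test/*.rb --output test/coverage --exclude rcov.rb,activerecord,activesupport,tzinfo'` would propagate the exit status.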
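--- a/data/SECURITY
+++ b/data/SECURITY
@@ -0,0 +1,36 @@
+= Password Operations Gem Security Notes
+
+== Random String Generator
+
+The RandomStringGenerator class relies on the Kernel.rand method explicitly. This
+means that the Strings generated by the RandomStringGenerator are not very
+secure. At the time of this writing, the Kernel.rand method in Ruby 1.8.6 uses the
+Mersenne Twister algorithm, which, according to Wikipedia, is predictable after
+approximately 620 iterations and precisely predictable from the start if the seed is
+known.
+
+To add additional security, passwords are shuffled to prevent exploitation algorithms
+from seeing exactly what order the characters were generated in. This should make reversing
+the passwords to determine the seed significantly more difficult.
+
+In my opinion, this is only secure enough for uses on the level of temporary
+passwords, and should only generate a few passwords per instance of the generator.
+I'm looking to create this more secure in future versions.
+
+
+== String/Password Sanitization
+
+POG includes an addition to the String class to sanitize String contents. The +sanitize+
+method is designed to sanitize (i.e. destructively clear) the contents of the String.
+This method is dependent upon the String#[Fixnum]= method doing the replacements without
+duplicating anything. The MRI does this properly; however, this may not be the case for
+other Ruby implementations.
+
+
+== References
+
+Wikipedia. "Merseene Twister".
+http://en.wikipedia.org/wiki/Mersenne_Twister
+
+Ruby RDocs. "Kernel.rand()".
+http://ruby-doc.org/core-1.8.6/classes/Kernel.html#M005977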
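--- a/data/VERSION
+++ b/data/VERSION
@@ -0,0 +1 @@
+1.1.1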
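--- a/data/lib/character_ranges.rb
+++ b/data/lib/character_ranges.rb
@@ -0,0 +1,185 @@
+##
+# = character_ranges.rb
+#
+# Copyright (c) 2007 Operis Systems, LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+##
+# == CharacterRanges Module
+#
+# CharacterRanges provides preset ranges for sets of ASCII characters for
+# random password generation.
+#
+# === List of Ranges
+# +upper_alphas+:: 0x41..0x5a - A..Z
+# +lower_alphas+:: 0x61..0x7a - a..z
+# +numerals+:: 0x30..0x30 - 0..9
+# <tt>symbols_1</tt>:: 0x21..0x21 - !
+# <tt>symbols_2</tt>:: 0x23..0x26 - #..&
+# <tt>symbols_3</tt>:: 0x28..0x2f - (../
+# <tt>symbols_4</tt>:: 0x3a..0x40 - :..@
+# <tt>symbols_5</tt>:: 0x5b..0x5f - [.._
+# <tt>symbols_6</tt>:: 0x7b..0x7e - {..~
+# +single_quotes+:: 0x27..0x27 - '
+# +double_quotes+:: 0x22..0x22 - "
+# +backtick+:: 0x60..0x60 - `
+#
+
+module CharacterRanges
+
+##
+# Get a specific range. See "List of Ranges" above.
+#
+# Example:
+#
+# CharacterRanges.range( :upper_alphas ) => 0x41..0x5a
+#
+def range( sym )
+case sym.to_sym
+when :upper_alphas
+0x41..0x5a
+when :lower_alphas
+0x61..0x7a
+when :numerals
+0x30..0x39
+when :symbols_1
+0x21..0x21
+when :symbols_2
+0x23..0x26
+when :symbols_3
+0x28..0x2f
+when :symbols_4
+0x3a..0x40
+when :symbols_5
+0x5b..0x5f
+when :symbols_6
+0x7b..0x7e
+when :single_quotes
+0x27..0x27
+when :double_quotes
+0x22..0x22
+when :backtick
+0x60..0x60
+else
+raise ArgumentError, "#{sym.to_s} is an invalid range."
+end
+end
+
+##
+# The upper case alpha ASCII ranges as a single-member Array.
+#
+# (0x41..0x5a - A..Z)
+#
+def range_upper_alphas
+[ range(:upper_alphas) ]
+end
+
+##
+# The lower case alpha ASCII range as a single-member Array.
+#
+# (0x61..0x7a - a..z)
+#
+def range_lower_alphas
+[ range(:lower_alphas) ]
+end
+
+##
+# The numeral ASCII ranges as a single-member Array.
+#
+# 0x30..0x30 - 0..9
+#
+def range_numerals
+[ range(:numerals) ]
+end
+
+##
+# The symbols ASCII ranges as a 6-member Array.
+#
+# <tt>symbols_1</tt>:: 0x21..0x21 - !
+# <tt>symbols_2</tt>:: 0x23..0x26 - #..&
+# <tt>symbols_3</tt>:: 0x28..0x2f - (../
+# <tt>symbols_4</tt>:: 0x3a..0x40 - :..@
+# <tt>symbols_5</tt>:: 0x5b..0x5f - [.._
+# <tt>symbols_6</tt>:: 0x7b..0x7e - {..~
+#
+def range_symbols
+[ range(:symbols_1),
+range(:symbols_2),
+range(:symbols_3),
+range(:symbols_4),
+range(:symbols_5),
+range(:symbols_6) ]
+end
+
+##
+# All the ranges except the quote ranges (ie single, double, and backtick).
+#
+def range_all_except_quotes
+[ range(:upper_alphas),
+range(:lower_alphas),
+range(:numerals),
+range(:symbols_1),
+range(:symbols_2),
+range(:symbols_3),
+range(:symbols_4),
+range(:symbols_5),
+range(:symbols_6) ]
+end
+
+##
+# The single quotes ASCII ranges as a single-member Array.
+#
+# (0x27..0x27 - ')
+#
+def range_single_quotes
+[ range(:single_quotes) ]
+end
+
+##
+# The double quotes ASCII ranges as a single-member Array.
+#
+# (0x22..0x22 - ")
+#
+def range_double_quotes
+[ range(:double_quotes) ]
+end
+
+##
+# The backtick ASCII ranges as a single-member Array.
+#
+# (0x60..0x60 - `)
+#
+def range_backtick
+[ range(:backtick) ]
+end
+
+##
+# All the ranges except the quote ranges (ie single, double, and backtick).
+#
+def range_all
+[ range(:upper_alphas),
+range(:lower_alphas),
+range(:numerals),
+range(:symbols_1),
+range(:symbols_2),
+range(:symbols_3),
+range(:symbols_4),
+range(:symbols_5),
+range(:symbols_6),
+range(:single_quotes),
+range(:double_quotes),
+range(:backtick) ]
+end
+end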
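Review bot: The comments in this file disagree with the code in three places, which matters because these ranges define the alphabet used for generated passwords. The header list and the comment above `range_numerals` both give the numerals as `0x30..0x30 - 0..9`, a range holding only the digit 0, while `range` returns `0x30..0x39`; both comments should read `0x30..0x39 - 0..9`. The comment on `range_all` is copied from `range_all_except_quotes` although the method appends the three quote ranges, so it should say `# All the ranges, including the quote ranges (single, double, and backtick).`. The usage example `CharacterRanges.range( :upper_alphas )` calls what the visible code defines as an instance method, so it presumably raises NoMethodError unless the module is extended elsewhere; adding `extend self` inside the module, or showing the call from an including class, would make the example match.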