rbpass 0.0.3 → 0.0.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/lib/rbpass/password_hasher.rb +7 -26
- data/lib/rbpass.rb +1 -1
- data/rbpass.gemspec +2 -2
- data/spec/rbpass/password_hasher_spec.rb +1 -1
- metadata +3 -3
|
@@ -29,7 +29,7 @@ module RbPass
|
|
|
29
29
|
output = output[0..count]
|
|
30
30
|
end
|
|
31
31
|
|
|
32
|
-
|
|
32
|
+
output
|
|
33
33
|
end
|
|
34
34
|
|
|
35
35
|
def encode64(input, count)
|
|
@@ -68,7 +68,7 @@ module RbPass
|
|
|
68
68
|
output << @itoa64[(value >> 18) & 0x3f]
|
|
69
69
|
end
|
|
70
70
|
|
|
71
|
-
|
|
71
|
+
output
|
|
72
72
|
end
|
|
73
73
|
|
|
74
74
|
def gensalt_private(input)
|
|
@@ -77,7 +77,7 @@ module RbPass
|
|
|
77
77
|
output << @itoa64[[@iteration_count_log2 + 5, 30].min]
|
|
78
78
|
output << encode64(input, 6)
|
|
79
79
|
|
|
80
|
-
|
|
80
|
+
output
|
|
81
81
|
end
|
|
82
82
|
|
|
83
83
|
def crypt_private(password, setting)
|
|
@@ -90,13 +90,11 @@ module RbPass
|
|
|
90
90
|
return output if setting[0,3] != '$P$' and setting[0,3] != '$H$'
|
|
91
91
|
|
|
92
92
|
count_log2 = @itoa64.index(setting[3])
|
|
93
|
-
|
|
94
93
|
return output if !count_log2.between?(7, 30)
|
|
95
94
|
|
|
96
95
|
count = 1 << count_log2
|
|
97
96
|
|
|
98
97
|
salt = setting[4,8]
|
|
99
|
-
|
|
100
98
|
return output if salt.length != 8
|
|
101
99
|
|
|
102
100
|
hash = Digest::MD5.digest(salt + password)
|
|
@@ -110,24 +108,7 @@ module RbPass
|
|
|
110
108
|
|
|
111
109
|
output << encode64(hash, 16)
|
|
112
110
|
|
|
113
|
-
|
|
114
|
-
end
|
|
115
|
-
|
|
116
|
-
# Actually this function is never called within a regular program execution.
|
|
117
|
-
# Blowfish is the default algorithm, implement ext-des?
|
|
118
|
-
def gensalt_extended(input)
|
|
119
|
-
count_log2 = [@iteration_count_log2 + 8, 24].min
|
|
120
|
-
count = (1 << count_log2) -1
|
|
121
|
-
|
|
122
|
-
output = '_'
|
|
123
|
-
|
|
124
|
-
output << @itoa64[count & 0x3f]
|
|
125
|
-
output << @itoa64[(count >> 6) & 0x3f]
|
|
126
|
-
output << @itoa64[(count >> 12) & 0x3f]
|
|
127
|
-
output << @itoa64[(count >> 18) & 0x3f]
|
|
128
|
-
output << encode64(input, 3)
|
|
129
|
-
|
|
130
|
-
return output
|
|
111
|
+
output
|
|
131
112
|
end
|
|
132
113
|
|
|
133
114
|
def gensalt_blowfish(input)
|
|
@@ -164,7 +145,7 @@ module RbPass
|
|
|
164
145
|
output << itoa64[c2 & 0x3f]
|
|
165
146
|
end
|
|
166
147
|
|
|
167
|
-
|
|
148
|
+
output
|
|
168
149
|
end
|
|
169
150
|
|
|
170
151
|
def hash(password)
|
|
@@ -184,7 +165,7 @@ module RbPass
|
|
|
184
165
|
|
|
185
166
|
return hash if hash.length == 34
|
|
186
167
|
|
|
187
|
-
|
|
168
|
+
'*'
|
|
188
169
|
end
|
|
189
170
|
|
|
190
171
|
def check(password, stored_hash)
|
|
@@ -194,7 +175,7 @@ module RbPass
|
|
|
194
175
|
hash = password.crypt(stored_hash)
|
|
195
176
|
end
|
|
196
177
|
|
|
197
|
-
|
|
178
|
+
hash == stored_hash
|
|
198
179
|
end
|
|
199
180
|
end
|
|
200
181
|
end
|
data/lib/rbpass.rb
CHANGED
data/rbpass.gemspec
CHANGED
|
@@ -11,9 +11,9 @@ Gem::Specification.new do |spec|
|
|
|
11
11
|
spec.license = 'MIT'
|
|
12
12
|
spec.authors = ['Pablo Elices']
|
|
13
13
|
spec.email = ['contact@pabloelic.es']
|
|
14
|
-
spec.summary = 'Ruby port of PHPass, a portable password hashing framework written in
|
|
14
|
+
spec.summary = 'Ruby port of PHPass, a portable password hashing framework written in PHP.'
|
|
15
15
|
spec.description = <<-EOF
|
|
16
|
-
Ruby port of phpass, a portable password hashing framework written in
|
|
16
|
+
Ruby port of phpass, a portable password hashing framework written in PHP.
|
|
17
17
|
PHPass is used by WordPress, bbPress, Vanilla Forums, PivotX and phpBB.
|
|
18
18
|
EOF
|
|
19
19
|
spec.homepage = 'https://github.com/pabloelices/rbpass'
|
|
@@ -31,7 +31,7 @@ describe RbPass::PasswordHasher do
|
|
|
31
31
|
end
|
|
32
32
|
end
|
|
33
33
|
|
|
34
|
-
context 'when using portable hashes and a random hardcoded
|
|
34
|
+
context 'when using portable hashes and a random hardcoded hash' do
|
|
35
35
|
let(:password_hasher) { RbPass::PasswordHasher.new(8, true) }
|
|
36
36
|
let(:valid_password) { 'test12345' }
|
|
37
37
|
let(:invalid_password) { 'test12346' }
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rbpass
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.4
|
|
5
5
|
prerelease:
|
|
6
6
|
platform: ruby
|
|
7
7
|
authors:
|
|
@@ -12,7 +12,7 @@ cert_chain: []
|
|
|
12
12
|
date: 2013-01-18 00:00:00.000000000 Z
|
|
13
13
|
dependencies: []
|
|
14
14
|
description: ! " Ruby port of phpass, a portable password hashing framework written
|
|
15
|
-
in
|
|
15
|
+
in PHP.\n PHPass is used by WordPress, bbPress, Vanilla Forums, PivotX and phpBB.\n"
|
|
16
16
|
email:
|
|
17
17
|
- contact@pabloelic.es
|
|
18
18
|
executables:
|
|
@@ -56,7 +56,7 @@ rubyforge_project:
|
|
|
56
56
|
rubygems_version: 1.8.24
|
|
57
57
|
signing_key:
|
|
58
58
|
specification_version: 3
|
|
59
|
-
summary: Ruby port of PHPass, a portable password hashing framework written in
|
|
59
|
+
summary: Ruby port of PHPass, a portable password hashing framework written in PHP.
|
|
60
60
|
test_files:
|
|
61
61
|
- spec/rbpass/password_hasher_spec.rb
|
|
62
62
|
- spec/rbpass/rbpass_spec.rb
|