rbpass 0.0.3 → 0.0.4
Sign up to get free protection for your applications and to get access to all the features.
- data/lib/rbpass/password_hasher.rb +7 -26
- data/lib/rbpass.rb +1 -1
- data/rbpass.gemspec +2 -2
- data/spec/rbpass/password_hasher_spec.rb +1 -1
- metadata +3 -3
|
@@ -29,7 +29,7 @@ module RbPass
|
|
|
29
29
|
output = output[0..count]
|
|
30
30
|
end
|
|
31
31
|
|
|
32
|
-
|
|
32
|
+
output
|
|
33
33
|
end
|
|
34
34
|
|
|
35
35
|
def encode64(input, count)
|
|
@@ -68,7 +68,7 @@ module RbPass
|
|
|
68
68
|
output << @itoa64[(value >> 18) & 0x3f]
|
|
69
69
|
end
|
|
70
70
|
|
|
71
|
-
|
|
71
|
+
output
|
|
72
72
|
end
|
|
73
73
|
|
|
74
74
|
def gensalt_private(input)
|
|
@@ -77,7 +77,7 @@ module RbPass
|
|
|
77
77
|
output << @itoa64[[@iteration_count_log2 + 5, 30].min]
|
|
78
78
|
output << encode64(input, 6)
|
|
79
79
|
|
|
80
|
-
|
|
80
|
+
output
|
|
81
81
|
end
|
|
82
82
|
|
|
83
83
|
def crypt_private(password, setting)
|
|
@@ -90,13 +90,11 @@ module RbPass
|
|
|
90
90
|
return output if setting[0,3] != '$P$' and setting[0,3] != '$H$'
|
|
91
91
|
|
|
92
92
|
count_log2 = @itoa64.index(setting[3])
|
|
93
|
-
|
|
94
93
|
return output if !count_log2.between?(7, 30)
|
|
95
94
|
|
|
96
95
|
count = 1 << count_log2
|
|
97
96
|
|
|
98
97
|
salt = setting[4,8]
|
|
99
|
-
|
|
100
98
|
return output if salt.length != 8
|
|
101
99
|
|
|
102
100
|
hash = Digest::MD5.digest(salt + password)
|
|
@@ -110,24 +108,7 @@ module RbPass
|
|
|
110
108
|
|
|
111
109
|
output << encode64(hash, 16)
|
|
112
110
|
|
|
113
|
-
|
|
114
|
-
end
|
|
115
|
-
|
|
116
|
-
# Actually this function is never called within a regular program execution.
|
|
117
|
-
# Blowfish is the default algorithm, implement ext-des?
|
|
118
|
-
def gensalt_extended(input)
|
|
119
|
-
count_log2 = [@iteration_count_log2 + 8, 24].min
|
|
120
|
-
count = (1 << count_log2) -1
|
|
121
|
-
|
|
122
|
-
output = '_'
|
|
123
|
-
|
|
124
|
-
output << @itoa64[count & 0x3f]
|
|
125
|
-
output << @itoa64[(count >> 6) & 0x3f]
|
|
126
|
-
output << @itoa64[(count >> 12) & 0x3f]
|
|
127
|
-
output << @itoa64[(count >> 18) & 0x3f]
|
|
128
|
-
output << encode64(input, 3)
|
|
129
|
-
|
|
130
|
-
return output
|
|
111
|
+
output
|
|
131
112
|
end
|
|
132
113
|
|
|
133
114
|
def gensalt_blowfish(input)
|
|
@@ -164,7 +145,7 @@ module RbPass
|
|
|
164
145
|
output << itoa64[c2 & 0x3f]
|
|
165
146
|
end
|
|
166
147
|
|
|
167
|
-
|
|
148
|
+
output
|
|
168
149
|
end
|
|
169
150
|
|
|
170
151
|
def hash(password)
|
|
@@ -184,7 +165,7 @@ module RbPass
|
|
|
184
165
|
|
|
185
166
|
return hash if hash.length == 34
|
|
186
167
|
|
|
187
|
-
|
|
168
|
+
'*'
|
|
188
169
|
end
|
|
189
170
|
|
|
190
171
|
def check(password, stored_hash)
|
|
@@ -194,7 +175,7 @@ module RbPass
|
|
|
194
175
|
hash = password.crypt(stored_hash)
|
|
195
176
|
end
|
|
196
177
|
|
|
197
|
-
|
|
178
|
+
hash == stored_hash
|
|
198
179
|
end
|
|
199
180
|
end
|
|
200
181
|
end
|
data/lib/rbpass.rb
CHANGED
data/rbpass.gemspec
CHANGED
|
@@ -11,9 +11,9 @@ Gem::Specification.new do |spec|
|
|
|
11
11
|
spec.license = 'MIT'
|
|
12
12
|
spec.authors = ['Pablo Elices']
|
|
13
13
|
spec.email = ['contact@pabloelic.es']
|
|
14
|
-
spec.summary = 'Ruby port of PHPass, a portable password hashing framework written in
|
|
14
|
+
spec.summary = 'Ruby port of PHPass, a portable password hashing framework written in PHP.'
|
|
15
15
|
spec.description = <<-EOF
|
|
16
|
-
Ruby port of phpass, a portable password hashing framework written in
|
|
16
|
+
Ruby port of phpass, a portable password hashing framework written in PHP.
|
|
17
17
|
PHPass is used by WordPress, bbPress, Vanilla Forums, PivotX and phpBB.
|
|
18
18
|
EOF
|
|
19
19
|
spec.homepage = 'https://github.com/pabloelices/rbpass'
|
|
@@ -31,7 +31,7 @@ describe RbPass::PasswordHasher do
|
|
|
31
31
|
end
|
|
32
32
|
end
|
|
33
33
|
|
|
34
|
-
context 'when using portable hashes and a random hardcoded
|
|
34
|
+
context 'when using portable hashes and a random hardcoded hash' do
|
|
35
35
|
let(:password_hasher) { RbPass::PasswordHasher.new(8, true) }
|
|
36
36
|
let(:valid_password) { 'test12345' }
|
|
37
37
|
let(:invalid_password) { 'test12346' }
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rbpass
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.4
|
|
5
5
|
prerelease:
|
|
6
6
|
platform: ruby
|
|
7
7
|
authors:
|
|
@@ -12,7 +12,7 @@ cert_chain: []
|
|
|
12
12
|
date: 2013-01-18 00:00:00.000000000 Z
|
|
13
13
|
dependencies: []
|
|
14
14
|
description: ! " Ruby port of phpass, a portable password hashing framework written
|
|
15
|
-
in
|
|
15
|
+
in PHP.\n PHPass is used by WordPress, bbPress, Vanilla Forums, PivotX and phpBB.\n"
|
|
16
16
|
email:
|
|
17
17
|
- contact@pabloelic.es
|
|
18
18
|
executables:
|
|
@@ -56,7 +56,7 @@ rubyforge_project:
|
|
|
56
56
|
rubygems_version: 1.8.24
|
|
57
57
|
signing_key:
|
|
58
58
|
specification_version: 3
|
|
59
|
-
summary: Ruby port of PHPass, a portable password hashing framework written in
|
|
59
|
+
summary: Ruby port of PHPass, a portable password hashing framework written in PHP.
|
|
60
60
|
test_files:
|
|
61
61
|
- spec/rbpass/password_hasher_spec.rb
|
|
62
62
|
- spec/rbpass/rbpass_spec.rb
|