class HTAuth::Algorithm

Base class all the password algorithms derive from

Constants

SALT_CHARS
SALT_LENGTH

Public Class Methods

algorithm_from_field(password_field)

NOTE: if the entry is plaintext and its length is 13, it may match crypt and be tested that way. In that case this explicitly sides with crypt(), as you shouldn't be using plaintext. Or crypt, for that matter.

# File lib/htauth/algorithm.rb, line 52
def algorithm_from_field(password_field)
  match = find_child(:handles?, password_field)
  match = ::HTAuth::Plaintext if match.nil? && ::HTAuth::Plaintext.entry_matches?(password_field)

  raise InvalidAlgorithmError, "unknown encryption algorithm used for `#{password_field}`" if match.nil?

  return match.new(:existing => password_field)
end

algorithm_from_name(a_name, params = {})

# File lib/htauth/algorithm.rb, line 39
def algorithm_from_name(a_name, params = {})
  found = children.find { |c| c.algorithm_name == a_name }
  if !found then
    names = children.map { |c| c.algorithm_name }
    raise InvalidAlgorithmError, "`#{a_name}' is an unknown encryption algorithm, use one of #{names.join(', ')}"
  end
  return found.new(params)
end

algorithm_name()

# File lib/htauth/algorithm.rb, line 35
def algorithm_name
  self.name.split("::").last.downcase
end

Public Instance Methods

encode(password)

Internal

# File lib/htauth/algorithm.rb, line 87
def encode(password) ; end

Public

Constants

BCRYPT

flag for the bcrypt algorithm

CRYPT

flag for the crypt algorithm

DEFAULT

flag for the default algorithm

EXISTING

flag to indicate using the existing algorithm of the entry

MD5

flag for the md5 algorithm

PLAINTEXT

flag for the plaintext algorithm

SHA1

flag for the sha1 algorithm

Internal

Public Class Methods

handles?(password_entry)

Does this class handle this type of password entry

# File lib/htauth/algorithm.rb, line 63
def handles?(password_entry)
  raise NotImplementedError, "#{self.name} must implement #{self.name}.handles?(password_entry)"
end

secure_compare(a, b)

Constant time string comparison.

From github.com/rack/rack/blob/master/lib/rack/utils.rb

NOTE: the values compared should be of fixed length, such as strings that have already been processed by HMAC. This should not be used on variable length plaintext strings because it could leak length info via timing attacks.

# File lib/htauth/algorithm.rb, line 75
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize

  l = a.unpack("C*")

  r, i = 0, -1
  b.each_byte { |v| r |= v ^ l[i+=1] }
  r == 0
end
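
One way to meet the fixed-length requirement in the NOTE above, shown as an added example that is not part of HTAuth: both values are run through HMAC-SHA256 under a one-time random key before they reach secure_compare, so the early bytesize check never depends on the caller's input. The helper name fixed_length_compare and the sample strings are assumptions made for this illustration.

```ruby
require "openssl"
require "securerandom"

# Standalone copy of the comparison listed above, so this example runs by itself.
def secure_compare(a, b)
  # Early return: this is the length-dependent branch the NOTE warns about.
  return false unless a.bytesize == b.bytesize

  l = a.unpack("C*")

  r, i = 0, -1
  # OR together the XOR of every byte pair; no exit on the first mismatch.
  b.each_byte { |v| r |= v ^ l[i += 1] }
  r == 0
end

# Hypothetical helper (not an HTAuth method): HMAC both inputs with a random
# per-call key so secure_compare always receives two 32-byte digests,
# regardless of how long the original strings were.
def fixed_length_compare(expected, candidate)
  key = SecureRandom.random_bytes(32)
  mac = ->(s) { OpenSSL::HMAC.digest("SHA256", key, s.to_s.b) }
  secure_compare(mac.call(expected), mac.call(candidate))
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample values, not real credentials.
  stored = "constructed-stored-value"
  puts fixed_length_compare(stored, "constructed-stored-value") # equal inputs
  puts fixed_length_compare(stored, "constructed-stored-valuf") # one byte differs
  puts fixed_length_compare(stored, "short")                    # different length
end
```

The random key is discarded after each call, so the digests are only meaningful for that one comparison and reveal nothing reusable about either input.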

Public Instance Methods

gen_salt(length = SALT_LENGTH)

8 bytes of random items from SALT_CHARS

# File lib/htauth/algorithm.rb, line 90
def gen_salt(length = SALT_LENGTH)
  Array.new(length) { SALT_CHARS.sample }.join('')
end

to_64(number, rounds)

This is not Base64 encoding; it is the to64() method from the Apache Portable Runtime library.

# File lib/htauth/algorithm.rb, line 96
def to_64(number, rounds)
  r = StringIO.new
  rounds.times do |x|
    r.print(SALT_CHARS[number % 64])
    number >>= 6
  end
  return r.string
end