class HTAuth::Algorithm
Base class all the password algorithms derive from
Constants
- SALT_CHARS
- SALT_LENGTH
Public Class Methods
NOTE: if the field is plaintext and its length is 13, it may match crypt and be tested that way. If that is the case, this explicitly sides with crypt(), since you shouldn't be using plaintext (or crypt, for that matter).
# File lib/htauth/algorithm.rb, line 52
def algorithm_from_field(password_field)
  # Ask each registered subclass whether it recognises the stored field.
  match = find_child(:handles?, password_field)
  # Plaintext is only considered once no hashed format has claimed the field.
  match = ::HTAuth::Plaintext if match.nil? && ::HTAuth::Plaintext.entry_matches?(password_field)
  raise InvalidAlgorithmError, "unknown encryption algorithm used for `#{password_field}`" if match.nil?
  return match.new(:existing => password_field)
end
# File lib/htauth/algorithm.rb, line 39
def algorithm_from_name(a_name, params = {})
  found = children.find { |c| c.algorithm_name == a_name }
  if !found then
    names = children.map { |c| c.algorithm_name }
    raise InvalidAlgorithmError, "`#{a_name}' is an unknown encryption algorithm, use one of #{names.join(', ')}"
  end
  return found.new(params)
end
# File lib/htauth/algorithm.rb, line 35
def algorithm_name
  # e.g. HTAuth::Bcrypt -> "bcrypt"
  self.name.split("::").last.downcase
end
Public Instance Methods
Internal
# File lib/htauth/algorithm.rb, line 87
# Abstract: each algorithm subclass overrides this to produce the stored password field.
def encode(password) ; end
Public
Constants
- BCRYPT
flag for the bcrypt algorithm
- CRYPT
flag for the crypt algorithm
- DEFAULT
flag for the default algorithm
- EXISTING
flag to indicate using the existing algorithm of the entry
- MD5
flag for the md5 algorithm
- PLAINTEXT
flag for the plaintext algorithm
- SHA1
flag for the sha1 algorithm
Internal
Public Class Methods
Does this class handle this type of password entry?
# File lib/htauth/algorithm.rb, line 63
def handles?(password_entry)
  raise NotImplementedError, "#{self.name} must implement #{self.name}.handles?(password_entry)"
end
Constant time string comparison.
From github.com/rack/rack/blob/master/lib/rack/utils.rb
NOTE: the values compared should be of fixed length, such as strings that have already been processed by HMAC. This should not be used on variable length plaintext strings because it could leak length info via timing attacks.
# File lib/htauth/algorithm.rb, line 75
def secure_compare(a, b)
  # A length mismatch returns immediately (see the NOTE above).
  return false unless a.bytesize == b.bytesize
  l = a.unpack("C*")
  r, i = 0, -1
  # XOR every byte pair and OR the results together, so the loop always runs
  # to the end and its cost does not depend on where the first difference is.
  b.each_byte { |v| r |= v ^ l[i+=1] }
  r == 0
end
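As an added example (not code from the htauth gem), the compare above reproduced stand-alone and instrumented to report how many bytes the loop examined, next to the fixed-length wrapper the NOTE calls for; `SecureCompareDemo` and the traced variants are names assumed here, and the sample secrets are constructed:

```ruby
require 'digest'

# Stand-alone reproduction of HTAuth::Algorithm.secure_compare, instrumented
# to show why the NOTE above restricts it to fixed-length inputs.
module SecureCompareDemo
  DIGEST_LEN = 32 # bytes in a SHA-256 digest

  # Same logic as the page, returning [equal?, bytes_examined]. Inside the
  # loop every byte pair is XORed and OR-accumulated, so the cost does not
  # depend on where the first difference lies. The early return examines
  # zero bytes: on raw variable-length secrets an observer can separate
  # "wrong length" (fast) from "right length, wrong content" (slower).
  def self.secure_compare_traced(a, b)
    return [false, 0] unless a.bytesize == b.bytesize
    l = a.unpack("C*")
    r, i = 0, -1
    b.each_byte { |v| r |= v ^ l[i += 1] }
    [r == 0, b.bytesize]
  end

  # Drop-in equivalent of the page's secure_compare.
  def self.secure_compare(a, b)
    secure_compare_traced(a, b).first
  end

  # Mitigation for variable-length inputs: hash both sides to a fixed-size
  # digest first (the same idea as comparing HMAC outputs, as the NOTE
  # recommends). The length check then always passes and the loop runs over
  # DIGEST_LEN bytes whatever the inputs' real lengths were.
  def self.secure_compare_any_length_traced(a, b)
    secure_compare_traced(Digest::SHA256.digest(a), Digest::SHA256.digest(b))
  end

  def self.secure_compare_any_length(a, b)
    secure_compare_any_length_traced(a, b).first
  end
end

if __FILE__ == $0
  # Constructed sample secrets, not real credentials.
  p SecureCompareDemo.secure_compare_traced("s3cret", "s3cre")         # [false, 0]
  p SecureCompareDemo.secure_compare_traced("s3cret", "s3crEt")        # [false, 6]
  p SecureCompareDemo.secure_compare_any_length_traced("s3cret", "x")  # [false, 32]
  p SecureCompareDemo.secure_compare_any_length("s3cret", "s3cret")    # true
end
```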
Public Instance Methods
Generates a salt of `length` characters (default SALT_LENGTH, 8) drawn at random from SALT_CHARS.
# File lib/htauth/algorithm.rb, line 90
def gen_salt(length = SALT_LENGTH)
  # Array#sample draws from Ruby's default PRNG (Kernel#rand) unless a random: source is passed.
  Array.new(length) { SALT_CHARS.sample }.join('')
end
This is not Base64 encoding; it is the to64() method from the Apache Portable Runtime library.
require 'stringio' # needed for StringIO

# File lib/htauth/algorithm.rb, line 96
def to_64(number, rounds)
  r = StringIO.new
  # Emit `rounds` characters of 6 bits each, least significant group first,
  # indexing into the 64-entry SALT_CHARS alphabet.
  rounds.times do |x|
    r.print(SALT_CHARS[number % 64])
    number >>= 6
  end
  return r.string
end