Comments on: Quick *nix shadow passwords with Ruby

By: Dean Strelau

Dean Strelau — Thu, 22 Oct 2009 22:49:07 +0000

Thanks for this and the comment explaining the way crypt works with different formats of salts. That’s trick!

Here’s my version: http://d.strelau.net/post/220354423/shadow-passwords-in-ruby

By: Kenneth Kalmer

Kenneth Kalmer — Fri, 01 May 2009 13:40:52 +0000

@Brian yes, and no. Ruby uses the underlying linux crypt function (see man crypt). By default it uses a DES encryption scheme which does exactly what you said, but with glibc2 on the host things change. From the man page: If salt is a character string starting with the characters “$id$” followed by a string terminated by “$”: $id$salt$encrypted then instead of using the DES machine, id identifies the encryption method used and this then determines how the rest of the password string is interpreted.

=> “abNANd1rDfiNc”
irb(main):002:0> “secret”.crypt(“abasasa”)
=> “abNANd1rDfiNc”
irb(main):003:0> “secret”.crypt(“$1$abasasa”)
=> “$1$abasasa$2RZY2vd6E2ZEPSDa0eLec0″
irb(main):004:0> “secret”.crypt(“$1$abasa”)
=> “$1$abasa$ikoKICgwOFdcWgmDl9Asy1″

You can clearly see how the behavior of the crypt method changes in the latter calls. The Ruby rdoc’s are confusing in this regard.

By: Brian Demant

Brian Demant — Fri, 01 May 2009 13:32:25 +0000

from the doc:
“Applies a one-way cryptographic hash to str by invoking the standard library function crypt. The argument is the salt string, which should be two characters long, each character drawn from [a-zA-Z0-9./].”

so only the first 2 chars will be used

>> “secret”.crypt “ab”
=> “abNANd1rDfiNc”
>> “secret”.crypt “abcd”
=> “abNANd1rDfiNc”
>> “secret”.crypt “abcdefgh”
=> “abNANd1rDfiNc”