Hello all, I have a client with an older Rails 1.8 app (was recently upgraded from 1.6) and I need to integrate a php site to use the same user login creds. I''m not very versed with Ruby but I think this is the code that encrypts the password. [code] # Encrypts some data with the salt. def self.encrypt(password, salt) Digest::SHA1.hexdigest("--#{salt}--#{password}--") end # Encrypts the password with the user salt def encrypt(password) self.class.encrypt(password, salt) end[/code] So.... I have full db access so I have the encrypted passwords and their associated salts. And I need a php script to verify users. Is there as way for me to un-encrypt this password via php and the database that Ruby is using? Thanks in advance for any guidance or assistance you may be able to provide. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
You shouldn''t have to decrypt it. As with the login code in ruby you compare hash to hash. Dieter Lunn http://www.coder2000.ca On Mon, May 10, 2010 at 7:38 AM, rusty <rwcoan-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> Hello all, I have a client with an older Rails 1.8 app (was recently > upgraded from 1.6) and I need to integrate a php site to use the same > user login creds. > > I''m not very versed with Ruby but I think this is the code that > encrypts the password. > > [code] > # Encrypts some data with the salt. > def self.encrypt(password, salt) > Digest::SHA1.hexdigest("--#{salt}--#{password}--") > end > > # Encrypts the password with the user salt > def encrypt(password) > self.class.encrypt(password, salt) > end[/code] > > So.... I have full db access so I have the encrypted passwords and > their associated salts. And I need a php script to verify users. Is > there as way for me to un-encrypt this password via php and the > database that Ruby is using? > > Thanks in advance for any guidance or assistance you may be able to > provide. > > -- > You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. > To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org > To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com. > For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en. > >-- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
exactly, that''s what I meant, sorry. Is this just a sha1() hash? I guess I''m not fully understanding what Ruby is doing here. Digest::SHA1.hexdigest("--#{salt}--#{password}--") What is ''hexdigest''? On May 10, 8:42 am, Dieter Lunn <coder2...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> You shouldn''t have to decrypt it. As with the login code in ruby you > compare hash to hash. > > Dieter Lunnhttp://www.coder2000.ca > > > > On Mon, May 10, 2010 at 7:38 AM, rusty <rwc...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote: > > Hello all, I have a client with an older Rails 1.8 app (was recently > > upgraded from 1.6) and I need to integrate a php site to use the same > > user login creds. > > > I''m not very versed with Ruby but I think this is the code that > > encrypts the password. > > > [code] > > # Encrypts some data with the salt. > > def self.encrypt(password, salt) > > Digest::SHA1.hexdigest("--#{salt}--#{password}--") > > end > > > # Encrypts the password with the user salt > > def encrypt(password) > > self.class.encrypt(password, salt) > > end[/code] > > > So.... I have full db access so I have the encrypted passwords and > > their associated salts. And I need a php script to verify users. Is > > there as way for me to un-encrypt this password via php and the > > database that Ruby is using? > > > Thanks in advance for any guidance or assistance you may be able to > > provide. > > > -- > > You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. > > To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org > > To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org > > For more options, visit this group athttp://groups.google.com/group/rubyonrails-talk?hl=en. > > -- > You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. > To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org > To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com. > For more options, visit this group athttp://groups.google.com/group/rubyonrails-talk?hl=en.-- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
It is just an SHA1 hash. the hexdigest part is getting the hex representation of that hash. Dieter Lunn http://www.coder2000.ca On Mon, May 10, 2010 at 7:50 AM, rusty <rwcoan-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> exactly, that''s what I meant, sorry. Is this just a sha1() hash? I > guess I''m not fully understanding what Ruby is doing here. > > Digest::SHA1.hexdigest("--#{salt}--#{password}--") > > What is ''hexdigest''? > > On May 10, 8:42 am, Dieter Lunn <coder2...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote: >> You shouldn''t have to decrypt it. As with the login code in ruby you >> compare hash to hash. >> >> Dieter Lunnhttp://www.coder2000.ca >> >> >> >> On Mon, May 10, 2010 at 7:38 AM, rusty <rwc...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote: >> > Hello all, I have a client with an older Rails 1.8 app (was recently >> > upgraded from 1.6) and I need to integrate a php site to use the same >> > user login creds. >> >> > I''m not very versed with Ruby but I think this is the code that >> > encrypts the password. >> >> > [code] >> > # Encrypts some data with the salt. >> > def self.encrypt(password, salt) >> > Digest::SHA1.hexdigest("--#{salt}--#{password}--") >> > end >> >> > # Encrypts the password with the user salt >> > def encrypt(password) >> > self.class.encrypt(password, salt) >> > end[/code] >> >> > So.... I have full db access so I have the encrypted passwords and >> > their associated salts. And I need a php script to verify users. Is >> > there as way for me to un-encrypt this password via php and the >> > database that Ruby is using? >> >> > Thanks in advance for any guidance or assistance you may be able to >> > provide. >> >> > -- >> > You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. >> > To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org. >> > To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org >> > For more options, visit this group athttp://groups.google.com/group/rubyonrails-talk?hl=en. >> >> -- >> You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. >> To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org >> To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org >> For more options, visit this group athttp://groups.google.com/group/rubyonrails-talk?hl=en. > > -- > You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. > To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org > To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com. > For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en. > >-- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
Ok, one last question and I think I''ve got this. How is Ruby interpreting this string? "--#{salt}--#{password}--" For example let''s say.... salt = 1234 password = 5678 Is Ruby seeing "--#{1234}--#{5678}--" or "--#1234--#5678--" or "--1234--5678--" This is really just my ignorance of how Ruby interprets variables in strings. Sorry in advance for the dumb question. Thanks for your assistance. On May 10, 8:53 am, Dieter Lunn <coder2...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> It is just an SHA1 hash. the hexdigest part is getting the hex > representation of that hash. > > Dieter Lunnhttp://www.coder2000.ca > > > > On Mon, May 10, 2010 at 7:50 AM, rusty <rwc...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote: > > exactly, that''s what I meant, sorry. Is this just a sha1() hash? I > > guess I''m not fully understanding what Ruby is doing here. > > > Digest::SHA1.hexdigest("--#{salt}--#{password}--") > > > What is ''hexdigest''? > > > On May 10, 8:42 am, Dieter Lunn <coder2...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote: > >> You shouldn''t have to decrypt it. As with the login code in ruby you > >> compare hash to hash. > > >> Dieter Lunnhttp://www.coder2000.ca > > >> On Mon, May 10, 2010 at 7:38 AM, rusty <rwc...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote: > >> > Hello all, I have a client with an older Rails 1.8 app (was recently > >> > upgraded from 1.6) and I need to integrate a php site to use the same > >> > user login creds. > > >> > I''m not very versed with Ruby but I think this is the code that > >> > encrypts the password. > > >> > [code] > >> > # Encrypts some data with the salt. > >> > def self.encrypt(password, salt) > >> > Digest::SHA1.hexdigest("--#{salt}--#{password}--") > >> > end > > >> > # Encrypts the password with the user salt > >> > def encrypt(password) > >> > self.class.encrypt(password, salt) > >> > end[/code] > > >> > So.... I have full db access so I have the encrypted passwords and > >> > their associated salts. And I need a php script to verify users. Is > >> > there as way for me to un-encrypt this password via php and the > >> > database that Ruby is using? > > >> > Thanks in advance for any guidance or assistance you may be able to > >> > provide. > > >> > -- > >> > You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. > >> > To post to this group, send email to rubyonrails-talk@googlegroups.com. > >> > To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org > >> > For more options, visit this group athttp://groups.google.com/group/rubyonrails-talk?hl=en. > > >> -- > >> You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. > >> To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org. > >> To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org > >> For more options, visit this group athttp://groups.google.com/group/rubyonrails-talk?hl=en. > > > -- > > You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. > > To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org > > To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org > > For more options, visit this group athttp://groups.google.com/group/rubyonrails-talk?hl=en. > > -- > You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. > To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org > To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com. > For more options, visit this group athttp://groups.google.com/group/rubyonrails-talk?hl=en.-- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
On 10 May 2010 14:04, rusty <rwcoan-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> Ok, one last question and I think I''ve got this. > > How is Ruby interpreting this string? > > "--#{salt}--#{password}--" > > For example let''s say.... > salt = 1234 > password = 5678 > > Is Ruby seeing > > "--#{1234}--#{5678}--" > > or > > "--#1234--#5678--" > > or > > "--1234--5678--" > > This is really just my ignorance of how Ruby interprets variables in > strings. Sorry in advance for the dumb question.Try it in the console and see. (ruby script/console) Colin -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
In case you do not have a working Ruby app with a console available the answer is: "--1234--5678--" The document on the digest is avaialble here: http://ruby-doc.org/stdlib/libdoc/digest/rdoc/index.html -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.