tags:

views:

438

answers:

2
+1  Q: 

How do I translate this SHA function in Java to an equivalent in Ruby?

I have this algorithm in Java to store passwords in database. I'd like to re-write my application in Ruby on Rails, so I need the same algorithm to compare hashed passwords. What's the Ruby equivalent of this algorithm?

public static String encrypt(String password) {
 MessageDigest md;
 try {
  md = MessageDigest.getInstance("SHA");
  md.update(password.getBytes("UTF-8")); // step 3
  byte raw[] = md.digest(); // step 4
  String hash = (new BASE64Encoder()).encode(raw); // step 5
  return hash; // step 6
 } catch (NoSuchAlgorithmException e) {
  // TODO Auto-generated catch block
  e.printStackTrace();
 } catch (UnsupportedEncodingException e) {
  // TODO Auto-generated catch block
  e.printStackTrace();
 } 
 return null;
}

Just for testing purpose, the "teste123" password generates this hash in my Java version: PQ87ndys7DDEAIxeAw5sE6R4y08=

+1  A: 

Before you go any further, stop what you're doing and read this Coding Horror article: You're Probably Storing Passwords Incorrectly.

Using a plain hash, with no salt, to encode passwords is nearly as bad as not using any hashing at all.

Greg Hewgill  2009-09-06 23:23:12
You are right! It was a mistake of 4 years ago. But I can't restore the already stored passwords from the database, can I? I will add a salt, but I still need to know how to do it in Ruby.
Daniel Cukier  2009-09-06 23:39:27
Fair enough, I was afraid it might be a legacy system issue. In general, you can't directly restore the already-stored passwords, except perhaps by using a rainbow table attack (a lot of work for little benefit really). One approach might be to present your users with: "Hi! Your password has expired. Please update your password before proceeding." and store the current password encoding mechanism in your database (so you know who has updated and who hasn't).
Greg Hewgill  2009-09-06 23:54:13
Another option would be re-hash the already hashed password with a salt, something like this: new_hash(old_hash(password), salt) - and store all password like this
Daniel Cukier  2009-09-06 23:58:26
Right, good idea. I just came back to this question to add that note, and found you beat me to it!
Greg Hewgill  2009-09-07 00:00:30
+2  A: 

Before you read this, read Greg's answer about hashing.

Then:

import java.security.*;
import sun.misc.BASE64Encoder;
import java.io.*;
public class test {
  public static String encrypt(String password) {
    MessageDigest md;
    try {
      md = MessageDigest.getInstance("SHA");
      md.update(password.getBytes("UTF-8")); // step 3
      byte raw[] = md.digest(); // step 4
      String hash = (new BASE64Encoder()).encode(raw); // step 5
      return hash; // step 6
    } catch (NoSuchAlgorithmException e) {
    } catch (java.io.UnsupportedEncodingException e) {
    }
    return null;
  }

  public static void main(String[] args) {
    System.out.println(encrypt("my password"));
  }
}

This outputs

ovj3+hlaCAoipokEHaqPIET58zY=

In Ruby:

require 'digest/sha1'
require 'base64'
Base64.b64encode Digest::SHA1.digest('my password')

also outputs

ovj3+hlaCAoipokEHaqPIET58zY=

Jim Puls  2009-09-06 23:32:35
I get a "\n" with Base64.b64encode Digest::SHA1.digest('my password'):=> "ovj3+hlaCAoipokEHaqPIET58zY=\n"
Daniel Cukier  2009-09-06 23:56:05
Is this seriously a problem? It's not like \n is a valid Base64 character; you can strip it out, yes?
Jim Puls  2009-09-07 01:52:12
require 'digest/sha1'require 'base64'Base64.b64encode(Digest::SHA1.digest('my password')).chomp
Anko  2009-09-07 02:19:44

related questions

Best place to get Ruby on Vista up and running as dev environment
How can I encode xml files to xfdl (base64-gzip)?
What is the best way to learn Ruby?
Learning Ruby on Rails any good for Grails?
How to sell Python to a client/boss/person with lots of cash
How do I create a Class using the Singleton Design Pattern in Ruby?
How do I update Ruby Gems from behind a Proxy (ISA-NTLM)
Why Should I Learn Ruby?
How do I create a new Ruby on Rails application using MySQL instead of SQLite?
How do I rake tasks within a ruby script?
Ruby On Rails with Windows Vista - Best Setup?
Mapping values from two array in Ruby
Reverse DNS in Ruby?
Text Editor For Linux (Besides Vi)?
What is good forum software to add to an existing Rails application?
Calling Bash Commands From Ruby
How can I modify .xfdl files? (Update #1)
How do I use (n)curses in Ruby?
Open Source Ruby Projects
How do I fix 'Unprocessed view path found' error with ExceptionNotifier plugin in rails 2.1?
When to use lambda, when to use Proc.new?
Frequent SystemExit in Ruby when making HTTP calls
Implementation of "Remember me" in a Rails application.
.NET Migrations Engine
How do I add existing comments to RDoc in Ruby?