[lnkForumImage]
TotalShareware - Download Free Software
Confronta i prezzi di migliaia di prodotti.
Asp Forum
 Home | Login | Register | Search 


 

Forums >

comp.lang.ruby

what password obfuscation options are there in standard ruby on windows?

rpardee

4/1/2005 8:12:00 PM

Hey All,

I've got to write a script that will contain a password in it & would
like to make at least a token effort at obfuscating (if not actually
encrypting) it.

It looks to me like the only encrypt-y thing in the standard libs is
String.crypt, which does a one-way hash. Is that right? So it's
looking to me like I can Base64.encode it, or else download crypt-fog
or some such thing.

I'm using v1.8 on windows, btw.

Thanks!

-Roy
19 Answers

Jamey Cribbs

4/1/2005 8:36:00 PM

0

rpardee@comcast.net wrote:

>Hey All,
>
>I've got to write a script that will contain a password in it & would
>like to make at least a token effort at obfuscating (if not actually
>encrypting) it.
>
>It looks to me like the only encrypt-y thing in the standard libs is
>String.crypt, which does a one-way hash. Is that right? So it's
>looking to me like I can Base64.encode it, or else download crypt-fog
>or some such thing.
>
>
>
I actually just wrote a pure-Ruby Vignere cipher encryption routine for
the next version of KirbyBase. The Vignere cipher is a substituion
cipher, like rot13, but it is a little more secure because it uses a key
to determine substition. Still not very secure, but something about the
name and the fact that it was developed hundreds of years ago appealed
to me. :-)

Anyway, if you are interested, I could email you the code. It's not
pretty, but it works.

Jamey Cribbs

Confidentiality Notice: This email message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and/or privileged information. If you are not the intended recipient(s), you are hereby notified that any dissemination, unauthorized review, use, disclosure or distribution of this email and any materials contained in any attachments is prohibited. If you receive this message in error, or are not the intended recipient(s), please immediately notify the sender by email and destroy all copies of the original message, including attachments.

Patrick Hurley

4/1/2005 8:37:00 PM

0

On Apr 1, 2005 3:14 PM, rpardee@comcast.net <rpardee@comcast.net> wrote:
> It looks to me like the only encrypt-y thing in the standard libs is
> String.crypt, which does a one-way hash. Is that right? So it's
> looking to me like I can Base64.encode it, or else download crypt-fog
> or some such thing.

Check out digest and use your choice of md5, sha1, sha2, etc...

Patrick

rpardee

4/1/2005 8:58:00 PM

0

Hmm... to quote ri: "Nothing known about digest." 8^)

Oh wait, here it is in the pickaxe book. Looks like this only does
hashes tho--I think I'm going to need something 2-way I think. I want
to "encrypt" the pwd & hard-code the "ciphertext" into my script & have
the script "decrypt" said ciphertext at run time.

Thanks!

-Roy

Shajith

4/1/2005 9:24:00 PM

0

On Apr 2, 2005 2:29 AM, rpardee@comcast.net <rpardee@comcast.net> wrote:
> I want
> to "encrypt" the pwd & hard-code the "ciphertext" into my script & have
> the script "decrypt" said ciphertext at run time.

This turned up on a straight google:
http://www.ruby-talk.org/cgi-bin/scat.rb/ruby/ruby-t...

Looks like you'll need the openssl for that, though.

> Thanks!
>
> -Roy

HTH!
Shajith
>

rpardee

4/1/2005 9:37:00 PM

0

Aye--thanks. I actually saw that & followed the openssl rabbit down
the hole until I got to the whole "here's the source--get you a
compiler & have at it" part.

I need to run my script from several computers, all of which are
scheduled for OS upgrades (read: hd wipes) in the near future. So I
was hoping for something that comes right out of the box w/ruby, so I
wouldn't have to remember where I got something & how I installed it.

But this is pretty low-priority stuff--I'm just trying to keep out the
shoulder-surfers. So if I have to do base64, that's far from tragic.

So is this a good place to agitate/whine for the inclusion of some of
the all-ruby crypto algorithms out there in the standard lib? Maybe
nothing's ready for prime-time? Maybe it's better to try to get it in
the windows one-click installer, on the theory that the unixies (and
macsters?) all have openssl?

Thanks all,

-Roy

Shajith

4/1/2005 9:57:00 PM

0

On Apr 2, 2005 3:09 AM, rpardee@comcast.net <rpardee@comcast.net> wrote:
>
> So is this a good place to agitate/whine for the inclusion of some of
> the all-ruby crypto algorithms out there in the standard lib? Maybe
> nothing's ready for prime-time? Maybe it's better to try to get it in
> the windows one-click installer, on the theory that the unixies (and
> macsters?) all have openssl?

Dunno about that, but there seem to be some entries under the
Cryptography category in RAA[1], some of them pure ruby(like
ruby-aes).

Of course, nothing would beat having a pure-ruby crypto lib in the
standard distribution.

HTH!
Shajith

1: http://raa.ruby-lang.org/cat.rhtml?category_major=Library;category_minor=Cr...

Bertram Scharpf

4/1/2005 10:29:00 PM

0

Hi,

Am Samstag, 02. Apr 2005, 05:14:44 +0900 schrieb rpardee@comcast.net:
>
> I've got to write a script that will contain a password in it & would
> like to make at least a token effort at obfuscating (if not actually
> encrypting) it.
>
> It looks to me like the only encrypt-y thing in the standard libs is
> String.crypt, which does a one-way hash. Is that right? So it's
> looking to me like I can Base64.encode it, or else download crypt-fog
> or some such thing.

Do you mean this?

http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-t...

Bertram


--
Bertram Scharpf
Stuttgart, Deutschland/Germany
http://www.bertram-...

djberg96

4/2/2005 12:48:00 AM

0

rpardee@comcast.net wrote:
> Aye--thanks. I actually saw that & followed the openssl rabbit down
> the hole until I got to the whole "here's the source--get you a
> compiler & have at it" part.
>
> I need to run my script from several computers, all of which are
> scheduled for OS upgrades (read: hd wipes) in the near future. So I
> was hoping for something that comes right out of the box w/ruby, so I
> wouldn't have to remember where I got something & how I installed it.

The one-click installer for windows comes with openssl builtin. From
the release notes:

Contents: Version:
-------- --------
Ruby 1.8.2
RubyGems 0.8.3
Tcl/Tk 1.8.1
SciTE 1.59
FreeRIDE 0.9.2
HelpFile 3a
FXRuby 1.2.2
GLUT 3.7.6
OpenGL 0.23b
OpenSSL 0.9.7e
Expat 1.95.7
XMLParser 0.6.8
HTMLParser 19990912p2
zlib-lib 1.2.1
ZLib 0.6.0
RubyDBI 0.0.23
DBD/ODBC 0.994
DBD/oracle 0.2.11
RubyMock 1.1
SWin 040314
VRuby 040306
log4r 1.0.5

Regards,

Dan

rpardee

4/2/2005 1:08:00 AM

0

Hmmm... confusing. I do find files called ssl.rb here:

"C:\Program Files\Ruby\lib\ruby\1.8\webrick\ssl.rb"

and

"C:\Program Files\Ruby\lib\ruby\1.8\drb\ssl.rb"

And I've even got an OpenSSL folder under Samples. But none of the
samples seem to work, and irb says:

irb(main):001:0> require 'openssl'
LoadError: No such file to load -- openssl
from (irb):1:in `require'
from (irb):1

Any advice? Maybe I need to re-install?

Thanks!

-Roy

Daniel Berger wrote:

> The one-click installer for windows comes with openssl builtin. From
> the release notes:
>
> Contents: Version:
> -------- --------
> Ruby 1.8.2
> RubyGems 0.8.3
> Tcl/Tk 1.8.1
> SciTE 1.59
> FreeRIDE 0.9.2
> HelpFile 3a
> FXRuby 1.2.2
> GLUT 3.7.6
> OpenGL 0.23b
> OpenSSL 0.9.7e
> Expat 1.95.7
> XMLParser 0.6.8
> HTMLParser 19990912p2
> zlib-lib 1.2.1
> ZLib 0.6.0
> RubyDBI 0.0.23
> DBD/ODBC 0.994
> DBD/oracle 0.2.11
> RubyMock 1.1
> SWin 040314
> VRuby 040306
> log4r 1.0.5
>
> Regards,
>
> Dan

djberg96

4/2/2005 2:04:00 AM

0

rpardee@comcast.net wrote:
> Hmmm... confusing. I do find files called ssl.rb here:
>
> "C:\Program Files\Ruby\lib\ruby\1.8\webrick\ssl.rb"
>
> and
>
> "C:\Program Files\Ruby\lib\ruby\1.8\drb\ssl.rb"
>
> And I've even got an OpenSSL folder under Samples. But none of the
> samples seem to work, and irb says:
>
> irb(main):001:0> require 'openssl'
> LoadError: No such file to load -- openssl
> from (irb):1:in `require'
> from (irb):1
>
> Any advice? Maybe I need to re-install?

Works for me:

irb(main):001:0> require "openssl"
=> true

Looks like either you have an old version of the installer or it got
borked somehow. A "ruby -v" should return the following:

ruby 1.8.2 (2004-12-25) [i386-mswin32]

My suggestion is to grab the latest installer and re-install.

Regards,

Dan