If input contains....

Hd Pwnz0r

I'm making a secure password generator, where the user inputs a word and
it translates it to something more secure, so if they entered "book" it
would return "b00k". I just don't know how to say like

if input contains "S" replace with "$"

etc.

Help?
 
Robert Klemme

2010/8/24 Hd Pwnz0r said:
I'm making a secure password generator, where the user inputs a word and
it translates it to something more secure, so if they entered "book" it
would return "b00k". I just don't know how to say like

if input contains "S" replace with "$"

input.gsub!(/S/, '$')

Cheers

robert
 
Peter Hickman

That is not going to be very secure.

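This is what I use when I need a username or password for some part of my system:

#!/usr/bin/env ruby

# alphabet: digits, lower case, upper case and underscore
a = [ ('0'..'9').to_a, ('a'..'z').to_a, ('A'..'Z').to_a, "_"].flatten

# print ten candidates of 31 characters each (0..30 is inclusive)
10.times do
  puts((0..30).map { a[rand(a.size)] }.join(''))
end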

Which gives output like:

0Lqimr_6JWoXvFR_UWA0CZo6J23QFci
mwB8_i5N2LPPcHsLQQBfafUUBMZvxxO
nhjWija1r2a_1BSpxhuGOyC3eXIQwjd
d2Jj1mS6ah_OqmWH0J4wL8lOaugfH6t
jZ7_9IYHa9G_JBqha4hMhKo3PnbnMhc
vHjIM925PbqrW_1rOvNLtktSIqdQZQU
ClxbfZp0dg5oxHstqHgfNJyMnPbQTa7
boODNYczqZoNuFeg_ROQ5fj1BPNg3m4
KlBhifcZy_Sl4mFew2e4PBMQasOuBTL
3RZXBYZfmHxiMx1lfBKMsilmIK5vgzN

Pick one for the username and another for the password. Actually I use
a slightly more complex script (using more symbols) but rest assured
converting ordinary text into 1337 text is old hat and even the
dumbest brute force password cracker will try them because people like
you think that b00k is more secure than book.

Also why did you not try and google for this first?
 
Jean-Julien Fleck

2010/8/24 Hd Pwnz0r said:
I'm making a secure password generator, where the user inputs a word and
it translates it to something more secure, so if they entered "book" it
would return "b00k". I just don't know how to say like

if input contains "S" replace with "$"

etc.

Help?

Use regular expressions:

string = "password"
new_string = string.gsub(/[sS]/,'$') ## 'pa$$word'

You can chain the calls

newer = string.gsub(/[sS]/,'$').gsub(/[oO]/,'0') ## 'pa$$w0rd'

or even define a hash with all your transformations using inject to
apply them to your string

transfo_hash = {/[sS]/ => '$', /[oO]/ => '0', /[aA]/ => '4'}

transfo_hash.inject(string) { |sum_string, h|
  sum_string.gsub(h[0], h[1])
} ## p4$$w0rd

But I would say as Peter that it is not really more secure than the
original string.

@peter: how do you remember the couple login/password that are
randomly chosen? Do you store them somewhere?

Cheers,

JJ Fleck

PS: see also http://xkcd.com/538/
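
Added example, not part of the original thread: the check below reverses the leet substitutions discussed above and looks the result up in a word list, counts how few spellings substitution adds to a word, and generates a password over the same alphabet as Peter's script using SecureRandom. The names UNLEET, WORDLIST, ALPHABET and the helper methods are assumptions made for illustration, and the word list is a constructed sample.

```ruby
require 'securerandom'

# Inverse of the thread's substitutions ('$', '0', '4') plus a few other
# common ones. Assumption: illustrative table, not a complete leet alphabet.
UNLEET = {
  '$' => 's', '5' => 's', '0' => 'o', '4' => 'a', '@' => 'a',
  '3' => 'e', '1' => 'l', '7' => 't'
}.freeze

# Constructed sample word list; a real check would load a full dictionary.
WORDLIST = %w[book password secret dragon].freeze

# Same alphabet as Peter's script: digits, letters and underscore (63 symbols).
ALPHABET = [*('0'..'9'), *('a'..'z'), *('A'..'Z'), '_'].freeze

# Undo leet substitutions so the candidate can be compared with plain words.
def unleet(candidate)
  candidate.downcase.gsub(Regexp.union(UNLEET.keys), UNLEET)
end

# True when the candidate is just a dictionary word in leet spelling.
def dictionary_based?(candidate, wordlist = WORDLIST)
  wordlist.include?(unleet(candidate))
end

# Number of leet spellings of a word: each letter keeps its own form or
# takes one of its substitutes, so the per-letter counts multiply.
def leet_variants(word)
  word.downcase.each_char.reduce(1) { |n, c| n * (1 + UNLEET.values.count(c)) }
end

# Entropy in bits of a password drawn uniformly at random.
def random_bits(length, alphabet_size = ALPHABET.size)
  length * Math.log2(alphabet_size)
end

# Same shape as Peter's generator, but drawing from the OS CSPRNG
# (SecureRandom) instead of Kernel#rand.
def random_password(length = 31)
  Array.new(length) { ALPHABET[SecureRandom.random_number(ALPHABET.size)] }.join
end

if __FILE__ == $PROGRAM_NAME
  %w[book b00k p4$$w0rd].each { |pw| puts "#{pw}: dictionary-based? #{dictionary_based?(pw)}" }
  puts "leet spellings of \"password\": #{leet_variants('password')}"
  puts format('31 random characters: %.1f bits, e.g. %s', random_bits(31), random_password)
end
```

With this table "password" has 54 leet spellings, under 6 bits on top of the dictionary lookup, while 31 characters drawn uniformly from the 63-symbol alphabet carry about 185 bits.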
 
Peter Hickman

@Peter: how do you remember the couple login/password that are
randomly chosen? Do you store them somewhere?

The really insane ones are used to access accounts or services
programmatically - so they are stored as part of the application that
accesses the service. These machines (the command and control servers)
are inside our company and protected but they have to store the
username / password as plain text. On the other end, at the hosting
companies we use, the username is in plain text but the password is
encrypted.

The firewalls at both ends limit which machines can even access the
services and tools look for abuse (such as deny hosts) and we use ssh
where we can, so it's pretty secure.

However if anyone was to break into our office in the middle of the
night and gain access to the command and control servers then all bets
are off :(

My personal limit for remembering a long password is around 16
characters, but I have to use it frequently.
 
