what password obfuscation options are there in standard ruby on windows?

[rpardee]

Hey All,

I've got to write a script that will contain a password in it & would
like to make at least a token effort at obfuscating (if not actually
encrypting) it.

It looks to me like the only encrypt-y thing in the standard libs is
String.crypt, which does a one-way hash. Is that right? So it's
looking to me like I can Base64.encode it, or else download crypt-fog
or some such thing.

I'm using v1.8 on windows, btw.

Thanks!

-Roy

 

[Jamey Cribbs]

Hey All,

I've got to write a script that will contain a password in it & would
like to make at least a token effort at obfuscating (if not actually
encrypting) it.

It looks to me like the only encrypt-y thing in the standard libs is
String.crypt, which does a one-way hash. Is that right? So it's
looking to me like I can Base64.encode it, or else download crypt-fog
or some such thing.

I actually just wrote a pure-Ruby Vignere cipher encryption routine for
the next version of KirbyBase. The Vignere cipher is a substituion
cipher, like rot13, but it is a little more secure because it uses a key
to determine substition. Still not very secure, but something about the
name and the fact that it was developed hundreds of years ago appealed
to me.

Anyway, if you are interested, I could email you the code. It's not
pretty, but it works.

Jamey Cribbs

Confidentiality Notice: This email message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and/or privileged information. If you are not the intended recipient(s), you are hereby notified that any dissemination, unauthorized review, use, disclosure or distribution of this email and any materials contained in any attachments is prohibited. If you receive this message in error, or are not the intended recipient(s), please immediately notify the sender by email and destroy all copies of the original message, including attachments.

 

[Patrick Hurley]

It looks to me like the only encrypt-y thing in the standard libs is
String.crypt, which does a one-way hash. Is that right? So it's
looking to me like I can Base64.encode it, or else download crypt-fog
or some such thing.

Check out digest and use your choice of md5, sha1, sha2, etc...

Patrick

 

[rpardee]

Hmm... to quote ri: "Nothing known about digest." 8^)

Oh wait, here it is in the pickaxe book. Looks like this only does
hashes tho--I think I'm going to need something 2-way I think. I want
to "encrypt" the pwd & hard-code the "ciphertext" into my script & have
the script "decrypt" said ciphertext at run time.

Thanks!

-Roy

 

[Shajith]

I want
to "encrypt" the pwd & hard-code the "ciphertext" into my script & have
the script "decrypt" said ciphertext at run time.

This turned up on a straight google:
http://www.ruby-talk.org/cgi-bin/scat.rb/ruby/ruby-talk/112456

Looks like you'll need the openssl for that, though.

 

[rpardee]

Aye--thanks. I actually saw that & followed the openssl rabbit down
the hole until I got to the whole "here's the source--get you a
compiler & have at it" part.

I need to run my script from several computers, all of which are
scheduled for OS upgrades (read: hd wipes) in the near future. So I
was hoping for something that comes right out of the box w/ruby, so I
wouldn't have to remember where I got something & how I installed it.

But this is pretty low-priority stuff--I'm just trying to keep out the
shoulder-surfers. So if I have to do base64, that's far from tragic.

So is this a good place to agitate/whine for the inclusion of some of
the all-ruby crypto algorithms out there in the standard lib? Maybe
nothing's ready for prime-time? Maybe it's better to try to get it in
the windows one-click installer, on the theory that the unixies (and
macsters?) all have openssl?

Thanks all,

-Roy

 

[Shajith]

So is this a good place to agitate/whine for the inclusion of some of
the all-ruby crypto algorithms out there in the standard lib? Maybe
nothing's ready for prime-time? Maybe it's better to try to get it in
the windows one-click installer, on the theory that the unixies (and
macsters?) all have openssl?

Dunno about that, but there seem to be some entries under the
Cryptography category in RAA[1], some of them pure ruby(like
ruby-aes).

Of course, nothing would beat having a pure-ruby crypto lib in the
standard distribution.

HTH!
Shajith

1: http://raa.ruby-lang.org/cat.rhtml?category_major=Library;category_minor=Cryptography

 

[Bertram Scharpf]

Hi,

Am Samstag, 02. Apr 2005, 05:14:44 +0900 schrieb (e-mail address removed):

I've got to write a script that will contain a password in it & would
like to make at least a token effort at obfuscating (if not actually
encrypting) it.

It looks to me like the only encrypt-y thing in the standard libs is
String.crypt, which does a one-way hash. Is that right? So it's
looking to me like I can Base64.encode it, or else download crypt-fog
or some such thing.

Do you mean this?

http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-talk/124391

Bertram

 

[Daniel Berger]

Aye--thanks. I actually saw that & followed the openssl rabbit down
the hole until I got to the whole "here's the source--get you a
compiler & have at it" part.

I need to run my script from several computers, all of which are
scheduled for OS upgrades (read: hd wipes) in the near future. So I
was hoping for something that comes right out of the box w/ruby, so I
wouldn't have to remember where I got something & how I installed it.

The one-click installer for windows comes with openssl builtin. From
the release notes:

Contents: Version:
-------- --------
Ruby 1.8.2
RubyGems 0.8.3
Tcl/Tk 1.8.1
SciTE 1.59
FreeRIDE 0.9.2
HelpFile 3a
FXRuby 1.2.2
GLUT 3.7.6
OpenGL 0.23b
OpenSSL 0.9.7e
Expat 1.95.7
XMLParser 0.6.8
HTMLParser 19990912p2
zlib-lib 1.2.1
ZLib 0.6.0
RubyDBI 0.0.23
DBD/ODBC 0.994
DBD/oracle 0.2.11
RubyMock 1.1
SWin 040314
VRuby 040306
log4r 1.0.5

Regards,

Dan

 

[rpardee]

Hmmm... confusing. I do find files called ssl.rb here:

"C:\Program Files\Ruby\lib\ruby\1.8\webrick\ssl.rb"

and

"C:\Program Files\Ruby\lib\ruby\1.8\drb\ssl.rb"

And I've even got an OpenSSL folder under Samples. But none of the
samples seem to work, and irb says:

irb(main):001:0> require 'openssl'
LoadError: No such file to load -- openssl
from (irb):1:in `require'
from (irb):1

Any advice? Maybe I need to re-install?

Thanks!

-Roy

 

[Daniel Berger]

Hmmm... confusing. I do find files called ssl.rb here:

"C:\Program Files\Ruby\lib\ruby\1.8\webrick\ssl.rb"

and

"C:\Program Files\Ruby\lib\ruby\1.8\drb\ssl.rb"

And I've even got an OpenSSL folder under Samples. But none of the
samples seem to work, and irb says:

irb(main):001:0> require 'openssl'
LoadError: No such file to load -- openssl
from (irb):1:in `require'
from (irb):1

Any advice? Maybe I need to re-install?

Works for me:

irb(main):001:0> require "openssl"
=> true

Looks like either you have an old version of the installer or it got
borked somehow. A "ruby -v" should return the following:

ruby 1.8.2 (2004-12-25) [i386-mswin32]

My suggestion is to grab the latest installer and re-install.

Regards,

Dan

 

[rpardee]

Bingo--that did it. Many thanks!

 

[Ben Giddings]

I've got to write a script that will contain a password in it & would
like to make at least a token effort at obfuscating (if not actually
encrypting) it.

It looks to me like the only encrypt-y thing in the standard libs is
String.crypt, which does a one-way hash. Is that right? So it's
looking to me like I can Base64.encode it, or else download crypt-fog
or some such thing.

There's also 'cyphersaber' on RAA. It adds methods to string to encrypt
and decrypt. I haven't used it much but it seems good (commercial
restrictions though).

Ben