De-crypting Ruby password with php

Rails
1

Hello all, I have a client with an older Rails 1.8 app (was recently
upgraded from 1.6) and I need to integrate a php site to use the same
user login creds.

I’m not very versed with Ruby but I think this is the code that
encrypts the password.

[code]

Encrypts some data with the salt.

def self.encrypt(password, salt)
Digest::SHA1.hexdigest("–#{salt}–#{password}–")
end

Encrypts the password with the user salt

def encrypt(password)
self.class.encrypt(password, salt)
end[/code]

So… I have full db access so I have the encrypted passwords and
their associated salts. And I need a php script to verify users. Is
there as way for me to un-encrypt this password via php and the
database that Ruby is using?

Thanks in advance for any guidance or assistance you may be able to
provide.

2

You shouldn’t have to decrypt it. As with the login code in ruby you
compare hash to hash.

Dieter L.
http://www.coder2000.ca

3

exactly, that’s what I meant, sorry. Is this just a sha1() hash? I
guess I’m not fully understanding what Ruby is doing here.

Digest::SHA1.hexdigest("–#{salt}–#{password}–")

What is ‘hexdigest’?

4

It is just an SHA1 hash. the hexdigest part is getting the hex
representation of that hash.

Dieter L.
http://www.coder2000.ca

5

On 10 May 2010 14:04, rusty [email protected] wrote:

Is Ruby seeing

This is really just my ignorance of how Ruby interprets variables in
strings. Sorry in advance for the dumb question.

Try it in the console and see. (ruby script/console)

Colin

6

Ok, one last question and I think I’ve got this.

How is Ruby interpreting this string?

“–#{salt}–#{password}–”

For example let’s say…
salt = 1234
password = 5678

Is Ruby seeing

“–#{1234}–#{5678}–”

or

“–#1234#5678–”

or

“–1234–5678–”

This is really just my ignorance of how Ruby interprets variables in
strings. Sorry in advance for the dumb question.

Thanks for your assistance.

7

In case you do not have a working Ruby app with a console available
the answer is: “–1234–5678–”

The document on the digest is avaialble here:
http://ruby-doc.org/stdlib/libdoc/digest/rdoc/index.html