Forum: JRuby String#crypt behaving differently that in MRI

Aed90714f90b6daf64087984740640bf?d=identicon&s=25 henning mueller (Guest)
on 2013-09-19 13:45
(Received via mailing list)

I tried getting a Rails project working on JRuby 1.7.4 and a test
regarding password hashes failed. Passwords hashes are created by:

password.crypt('$6$' + salt)

On MRI (2.0.0-p247), this returns a proper sha512-crypt hash. In JRuby a
significantly shorter hash with two characters salt is returned:

=> "$6GFbj3O6XCj2"

Is this expected behaviour? For me this looks like nothing, the crypt(3)
function of glibc even supports. Do I have to use an external gem to
generate sha512-crypt hashes?

Thanks in advance!
F1d37642fdaa1662ff46e4c65731e9ab?d=identicon&s=25 Charles Nutter (headius)
on 2013-09-19 18:21
(Received via mailing list)
Can you put this in the form of a bug report on Github with some code
to reproduce the effect?

We certainly don't use the libc crypt but we should produce the same
result as MRI.

An alternative that you (or we) could potentially use would be to FFI
bind the actual crypt function. I've done a prototype here:

There's also a Ruby DES library here:

In any case, we should do the right thing when you use built-in
libraries, so file an issue please.

- Charlie
13313ac2ec7ba7c43b1b952db034ff3b?d=identicon&s=25 Thomas E Enebo (Guest)
on 2013-09-19 18:36
(Received via mailing list)
Hmmm, my 2.0pl247 does not do this:

% jruby -e 'p "foobar".crypt(%q($6$2mlKb.sZpswpnZlt))'
% mri19 -e 'p "foobar".crypt(%q($6$2mlKb.sZpswpnZlt))'
% mri20 -e 'p "foobar".crypt(%q($6$2mlKb.sZpswpnZlt))'

Could this be some gem which is monkey-patching this method?

This output has been what I have expected from crypt for the last 25+
(2char salt prepended to front), but I agree this version of crypt is
getting outdated and probably should be a much more robust one-way hash

13313ac2ec7ba7c43b1b952db034ff3b?d=identicon&s=25 Thomas E Enebo (Guest)
on 2013-09-19 18:38
(Received via mailing list)
Perhaps this is just a difference as Charlie mentioned that glibc#crypt
different on different OSes now (I am running on MacOS)?  If so then we
will for sure need to use FFI to hook into this...

Aed90714f90b6daf64087984740640bf?d=identicon&s=25 henning mueller (Guest)
on 2013-09-22 13:18
(Received via mailing list)

Am 19.09.2013 18:18, schrieb Charles Oliver Nutter:
> Can you put this in the form of a bug report on Github with some code
> to reproduce the effect?

I filed a bug report on GitHub:

Thanks for your efforts!
Please log in before posting. Registration is free and takes only a minute.
Existing account

NEW: Do you have a Google/GoogleMail, Yahoo or Facebook account? No registration required!
Log in with Google account | Log in with Yahoo account | Log in with Facebook account
No account? Register here.