Forum: Ruby on Rails Undoing a SHA1

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
A07a702b923a93059def7270b9557039?d=identicon&s=25 Mohammad (Guest)
on 2006-05-11 22:21
Hello for my password recovery system I want to recover the users
password and send it to them. In the DB its saved via SHA1 (login
generator)
6ef8cb7cd7cd58077f0b57e4fa49a969?d=identicon&s=25 Brian Hogan (Guest)
on 2006-05-11 22:51
(Received via mailing list)
I may be wrong on this but I believe that SHA1 is (for the most part)
unrecoverable. I would suggest that you create a random password
generator.... change the password and email it to the user.
0a36dd2d45a8cead5dcfd27a9346f620?d=identicon&s=25 Mohammad (Guest)
on 2006-05-11 22:55
any one know what the code for generating a random password would be?
B192011964906cffb106241f99cb4c3f?d=identicon&s=25 Rodrigo Dominguez (rdominguez)
on 2006-05-11 23:00
(Received via mailing list)
Try this:

  def random_string(len)
    code_array=[]
    chars = ('a'..'z').to_a - ['a','e','i','o','u']
    1.upto(len) {code_array << chars[rand(chars.length)]}
    code_array
  end


Rodrigo Dominguez
 
Iplan Networks                Datos Personales
rdominguez@iplan.com.ar       rorra@rorra.com.ar
www.iplan.com.ar              www.rorra.com.ar
5031-6303                     15-5695-6027


-----Mensaje original-----
De: rails-bounces@lists.rubyonrails.org
[mailto:rails-bounces@lists.rubyonrails.org] En nombre de Mohammad
Enviado el: Jueves, 11 de Mayo de 2006 05:55 p.m.
Para: rails@lists.rubyonrails.org
Asunto: [Rails] Re: Undoing a SHA1

any one know what the code for generating a random password would be?

--
Posted via http://www.ruby-forum.com/.
_______________________________________________
Rails mailing list
Rails@lists.rubyonrails.org
http://lists.rubyonrails.org/mailman/listinfo/rails
Ae16cb4f6d78e485b04ce1e821592ae5?d=identicon&s=25 Martin DeMello (Guest)
on 2006-05-11 23:00
(Received via mailing list)
On 5/12/06, Mohammad <name.goes.here44@gmail.com> wrote:
> any one know what the code for generating a random password would be?

something along the lines of

pwlen = rand(6)+3
pw = (0..pwlen).map { rand(96)+32 }.join('')

martin
59de94a56fd2c198f33d9515d1c05961?d=identicon&s=25 Tom Mornini (Guest)
on 2006-05-12 01:00
(Received via mailing list)
On May 11, 2006, at 1:59 PM, Martin DeMello wrote:

> On 5/12/06, Mohammad <name.goes.here44@gmail.com> wrote:
>> any one know what the code for generating a random password would be?
>
> something along the lines of
>
> pwlen = rand(6)+3
> pw = (0..pwlen).map { rand(96)+32 }.join('')

Nice, but doesn't work, missing character conversion.

Array.new(rand(6).to_i+3) { (rand(96).to_i+32).chr }.join('')
B3260ee62969961010117e21e9872a3a?d=identicon&s=25 Kenneth Lee (Guest)
on 2006-05-12 01:06
(Received via mailing list)
Try this:
[Array.new(6){rand(256).chr}.join].pack("m")[0..7]
Ae16cb4f6d78e485b04ce1e821592ae5?d=identicon&s=25 Martin DeMello (Guest)
on 2006-05-12 01:06
(Received via mailing list)
On 5/12/06, Tom Mornini <tmornini@infomania.com> wrote:
> Nice, but doesn't work, missing character conversion.
oops - yes, that'll teach me not to type code straight into the browser
window

>
> Array.new(rand(6).to_i+3) { (rand(96).to_i+32).chr }.join('')

You don't need the to_i - rand returns an integer if given a nonzero
argument. From ri:

------------------------------------------------------------ Kernel#rand
     rand(max=0)    => number
------------------------------------------------------------------------
     Converts max to an integer using max1 = max.to_i.abs. If the
     result is zero, returns a pseudorandom floating point number
     greater than or equal to 0.0 and less than 1.0. Otherwise, returns
     a pseudorandom integer greater than or equal to zero and less than
     max1.

martin
59de94a56fd2c198f33d9515d1c05961?d=identicon&s=25 Tom Mornini (Guest)
on 2006-05-12 01:18
(Received via mailing list)
On May 11, 2006, at 4:05 PM, Martin DeMello wrote:

>> > pw = (0..pwlen).map { rand(96)+32 }.join('')
>>
>> Nice, but doesn't work, missing character conversion.
>
> oops - yes, that'll teach me not to type code straight into the
> browser window
>
>> Array.new(rand(6).to_i+3) { (rand(96).to_i+32).chr }.join('')
>
> You don't need the to_i - rand returns an integer if given a nonzero
> argument. From ri:

Cool. Thanks for the tip!

--
-- Tom Mornini
9d7d8ef2179661d6b30e180fa588cd45?d=identicon&s=25 Calle Dybedahl (Guest)
on 2006-05-12 08:57
(Received via mailing list)
>>>>> "Brian" == Brian Hogan <bphogan@gmail.com> writes:

> I may be wrong on this but I believe that SHA1 is (for the most part)
> unrecoverable.

SHA-1 is a hashing algorithm. This means that it's _designed_ not to
be reversible. While weaknesses in the algorithm have been found in
the past couple of years, finding data that hashes to a specific given
hash is still in the extremely serious supercomputer range (as in
unless your machine does lots of teraflops and you have months to
spend, don't even dream about it).
--
		     Calle Dybedahl <calle@cyberpomo.com>
		 http://www.livejournal.com/users/cdybedahl/
     "And don't try to tell us there is no way to go but up, because the
      truth is, there is *always* more down." -- Gunn, Angel: the Series
This topic is locked and can not be replied to.