method

crypt

v1_9_2_180 - Show latest stable - Class: String

crypt(p1)

public

Applies a one-way cryptographic hash to str by invoking the standard library function crypt. The argument is the salt string, which should be two characters long, each character drawn from [a-zA-Z0-9./].

static VALUE
rb_str_crypt(VALUE str, VALUE salt)
{
    extern char *crypt(const char *, const char *);
    VALUE result;
    const char *s, *saltp;
#ifdef BROKEN_CRYPT
    char salt_8bit_clean[3];
#endif

    StringValue(salt);
    if (RSTRING_LEN(salt) < 2)
        rb_raise(rb_eArgError, "salt too short (need >=2 bytes)");

    s = RSTRING_PTR(str);
    if (!s) s = "";
    saltp = RSTRING_PTR(salt);
#ifdef BROKEN_CRYPT
    if (!ISASCII((unsigned char)saltp[0]) || !ISASCII((unsigned char)saltp[1])) {
        salt_8bit_clean[0] = saltp[0] & 0x7f;
        salt_8bit_clean[1] = saltp[1] & 0x7f;
        salt_8bit_clean[2] = '\0';
        saltp = salt_8bit_clean;
    }
#endif
    result = rb_str_new2(crypt(s, saltp));
    OBJ_INFECT(result, str);
    OBJ_INFECT(result, salt);
    return result;
}

3Notes

clarification

brian · May 4, 20091 thank

Via Kenneth Kalmer:

From the man page: If salt is a character string starting with the characters “$id$” followed by a string terminated by “$”: $id$salt$encrypted then instead of using the DES machine, id identifies the encryption method used and this then determines how the rest of the password string is interpreted. ==== irb session => “abNANd1rDfiNc” irb(main):002:0> “secret”.crypt(”abasasa”) => “abNANd1rDfiNc” irb(main):003:0> “secret”.crypt(”$1$abasasa”) => “$1$abasasa$2RZY2vd6E2ZEPSDa0eLec0″ irb(main):004:0> “secret”.crypt(”$1$abasa”) => “$1$abasa$ikoKICgwOFdcWgmDl9Asy1″

see http://www.opensourcery.co.za/2009/05/01/quick-nix-shadow-passwords-with-ruby/

String#crypt uses your platform's native implementation

gabetax · Mar 3, 20111 thank

Which cipher types (specified through the salt argument) are available will depend on what your platform natively supports. It should be noted that OSX up to at last 10.6 only provides the regular DES cipher. On most Linux platforms, however, you should have access to the following:

          ID  | Method
          ---------------------------------------------------------
          1   | MD5
          2a  | Blowfish (not in mainline glibc; added in some
              | Linux distributions)
          5   | SHA-256 (since glibc 2.7)
          6   | SHA-512 (since glibc 2.7)

So on OSX, you might have:

ruby-1.9.2-p180 :001 > "password".crypt("$6$somesalt")

=> "$6FMi11BJFsAc"

But on Linux, you'll get:

irb(main):001:0> "password".crypt("$6$somesalt")
=> "$6$somesalt$A7P/0Yfu8RprY88D5T1n.xKT749BOn/IXBvmR1gXZzU7imsoTfZhCQ1916CB7WNX9eOOeSmBmmMrl5fQn9LAP1"

For more information on what your platform supports, see man crypt

Beware: default system crypt functionality silently ignores characters beyond the 8th

mildavw · Dec 6, 2012

On some systems:

"1".crypt('aa')                     => "aacFCuAIHhrCM"
"12".crypt('aa')                    => "aa8dJzr7DFMPA"
"123".crypt('aa')                   => "aamrgyQfDFSHw"
"1234".crypt('aa')                  => "aatxRPdZ/m52."
"12345".crypt('aa')                 => "aajt.4s3e3SZA"
"123456".crypt('aa')                => "aaAN1ZUwjW7to"
"1234567".crypt('aa')               => "aaOK9MRbwVNmQ"
"12345678".crypt('aa')              => "aaNN3X.PL2piw"
"123456789".crypt('aa')             => "aaNN3X.PL2piw"
"1234567890".crypt('aa')            => "aaNN3X.PL2piw"
"1234567890abcdefghij".crypt('aa')  => "aaNN3X.PL2piw"

crypt

3Notes

clarification

String#crypt uses your platform's native implementation

Beware: default system crypt functionality silently ignores characters beyond the 8th

Related methods