I'm writing a website with Rails and I want to encrypt the passwords that go into the database. However, I don't want to use hashes (e.g. SHA1). Instead, I want to be able to decrypt to passwords again.
I searched Google and found this:
require 'openssl'
require 'digest/sha1'
c = OpenSSL::Cipher::Cipher.new("aes-256-cbc")
c.encrypt
# your pass is what is used to encrypt/decrypt
c.key = key = Digest::SHA1.hexdigest("yourpass")
c.iv = iv = c.random_iv <-------------------------- What's IV??
e = c.update("crypt this")
e << c.final
puts "encrypted: #{e}\n"
c = OpenSSL::Cipher::Cipher.new("aes-256-cbc")
c.decrypt
c.key = key
c.iv = iv
d = c.update(e)
d << c.final
puts "decrypted: #{d}\n"
That works. However, what's IV? I queried Google and found that it stands for "initialization vector". Can anyone quickly explain to me what that is, and most importantly: do I have to use that? Or can I just leave it out? I'd prefer to just use a key to encrypt the passwords, instead of "two keys"..
i'm sorry, not really an answer to your question here, a question of my own
actually..
i created an encrypting program (http://rubyforge.org/projects/rubycipher\)
and i was wondering if technically, it could be used for the same purpose,
encrypting passwords in rails..
greetings, Dirk.
ยทยทยท
2005/10/5, Robert <mannl@gmx.com>:
Hello!
I'm writing a website with Rails and I want to encrypt the passwords
that go into the database. However, I don't want to use hashes (e.g.
SHA1). Instead, I want to be able to decrypt to passwords again.
I searched Google and found this:
require 'openssl'
require 'digest/sha1'
c = OpenSSL::Cipher::Cipher.new("aes-256-cbc")
c.encrypt
# your pass is what is used to encrypt/decrypt
c.key = key = Digest::SHA1.hexdigest("yourpass")
c.iv = iv = c.random_iv <-------------------------- What's IV??
e = c.update("crypt this")
e << c.final
puts "encrypted: #{e}\n"
c = OpenSSL::Cipher::Cipher.new("aes-256-cbc")
c.decrypt
c.key = key
c.iv = iv
d = c.update(e)
d << c.final
puts "decrypted: #{d}\n"
That works. However, what's IV? I queried Google and found that it
stands for "initialization vector". Can anyone quickly explain to me
what that is, and most importantly: do I have to use that? Or can I
just leave it out? I'd prefer to just use a key to encrypt the
passwords, instead of "two keys"..
# your pass is what is used to encrypt/decrypt c.key = key =
Digest::SHA1.hexdigest("yourpass")
c.iv = iv = c.random_iv <-------------------------- What's IV??
e = c.update("crypt this")
Chapter 7 gives a good explanation about block ciphers like AES and the use
of Ivs.
In short: block ciphers like AES or DES encrpyts/decrypts data in blocks
(ie. 16 bytes each block). The processing of each block depends on the
result of the block processed before. So for the first data block there is
no predecessor, instead a IV with the same block size is used to initialize
the algoritm. To initialize the algorithm for decryption/encryption you need
the same iv as for encryption/decryption.