What password obfuscation options are there in standard ruby on windows?

Hey All,

I've got to write a script that will contain a password in it & would
like to make at least a token effort at obfuscating (if not actually
encrypting) it.

It looks to me like the only encrypt-y thing in the standard libs is
String.crypt, which does a one-way hash. Is that right? So it's
looking to me like I can Base64.encode it, or else download crypt-fog
or some such thing.

I'm using v1.8 on windows, btw.

Thanks!

-Roy

rpardee@comcast.net wrote:

Hey All,

I've got to write a script that will contain a password in it & would
like to make at least a token effort at obfuscating (if not actually
encrypting) it.

It looks to me like the only encrypt-y thing in the standard libs is
String.crypt, which does a one-way hash. Is that right? So it's
looking to me like I can Base64.encode it, or else download crypt-fog
or some such thing.

I actually just wrote a pure-Ruby Vignere cipher encryption routine for the next version of KirbyBase. The Vignere cipher is a substituion cipher, like rot13, but it is a little more secure because it uses a key to determine substition. Still not very secure, but something about the name and the fact that it was developed hundreds of years ago appealed to me.

Anyway, if you are interested, I could email you the code. It's not pretty, but it works.

Jamey Cribbs

Confidentiality Notice: This email message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and/or privileged information. If you are not the intended recipient(s), you are hereby notified that any dissemination, unauthorized review, use, disclosure or distribution of this email and any materials contained in any attachments is prohibited. If you receive this message in error, or are not the intended recipient(s), please immediately notify the sender by email and destroy all copies of the original message, including attachments.

Check out digest and use your choice of md5, sha1, sha2, etc...

Patrick

Hi,

There's also 'cyphersaber' on RAA. It adds methods to string to encrypt
and decrypt. I haven't used it much but it seems good (commercial
restrictions though).

Ben

Hmm... to quote ri: "Nothing known about digest." 8^)

Oh wait, here it is in the pickaxe book. Looks like this only does
hashes tho--I think I'm going to need something 2-way I think. I want
to "encrypt" the pwd & hard-code the "ciphertext" into my script & have
the script "decrypt" said ciphertext at run time.

Thanks!

-Roy

I want
to "encrypt" the pwd & hard-code the "ciphertext" into my script & have
the script "decrypt" said ciphertext at run time.

This turned up on a straight google:
http://www.ruby-talk.org/cgi-bin/scat.rb/ruby/ruby-talk/112456

Looks like you'll need the openssl for that, though.

Thanks!

-Roy

HTH!
Shajith

Aye--thanks. I actually saw that & followed the openssl rabbit down
the hole until I got to the whole "here's the source--get you a
compiler & have at it" part.

I need to run my script from several computers, all of which are
scheduled for OS upgrades (read: hd wipes) in the near future. So I
was hoping for something that comes right out of the box w/ruby, so I
wouldn't have to remember where I got something & how I installed it.

But this is pretty low-priority stuff--I'm just trying to keep out the
shoulder-surfers. So if I have to do base64, that's far from tragic.

So is this a good place to agitate/whine for the inclusion of some of
the all-ruby crypto algorithms out there in the standard lib? Maybe
nothing's ready for prime-time? Maybe it's better to try to get it in
the windows one-click installer, on the theory that the unixies (and
macsters?) all have openssl?

Thanks all,

-Roy

Dunno about that, but there seem to be some entries under the
Cryptography category in RAA[1], some of them pure ruby(like
ruby-aes).

Of course, nothing would beat having a pure-ruby crypto lib in the
standard distribution.

HTH!
Shajith

1: http://raa.ruby-lang.org/cat.rhtml?category_major=Library;category_minor=Cryptography

rpardee@comcast.net wrote:

Aye--thanks. I actually saw that & followed the openssl rabbit down
the hole until I got to the whole "here's the source--get you a
compiler & have at it" part.

I need to run my script from several computers, all of which are
scheduled for OS upgrades (read: hd wipes) in the near future. So I
was hoping for something that comes right out of the box w/ruby, so I
wouldn't have to remember where I got something & how I installed it.

The one-click installer for windows comes with openssl builtin. From
the release notes:

Contents: Version:
-------- --------
Ruby 1.8.2
RubyGems 0.8.3
Tcl/Tk 1.8.1
SciTE 1.59
FreeRIDE 0.9.2
HelpFile 3a
FXRuby 1.2.2
GLUT 3.7.6
OpenGL 0.23b
OpenSSL 0.9.7e
Expat 1.95.7
XMLParser 0.6.8
HTMLParser 19990912p2
zlib-lib 1.2.1
ZLib 0.6.0
RubyDBI 0.0.23
DBD/ODBC 0.994
DBD/oracle 0.2.11
RubyMock 1.1
SWin 040314
VRuby 040306
log4r 1.0.5

Regards,

Dan

Hmmm... confusing. I do find files called ssl.rb here:

"C:\Program Files\Ruby\lib\ruby\1.8\webrick\ssl.rb"

and

"C:\Program Files\Ruby\lib\ruby\1.8\drb\ssl.rb"

And I've even got an OpenSSL folder under Samples. But none of the
samples seem to work, and irb says:

irb(main):001:0> require 'openssl'
LoadError: No such file to load -- openssl
        from (irb):1:in `require'
        from (irb):1

Any advice? Maybe I need to re-install?

Thanks!

-Roy

Daniel Berger wrote:

rpardee@comcast.net wrote:

Hmmm... confusing. I do find files called ssl.rb here:

"C:\Program Files\Ruby\lib\ruby\1.8\webrick\ssl.rb"

and

"C:\Program Files\Ruby\lib\ruby\1.8\drb\ssl.rb"

And I've even got an OpenSSL folder under Samples. But none of the
samples seem to work, and irb says:

irb(main):001:0> require 'openssl'
LoadError: No such file to load -- openssl
        from (irb):1:in `require'
        from (irb):1

Any advice? Maybe I need to re-install?

Works for me:

irb(main):001:0> require "openssl"
=> true

Looks like either you have an old version of the installer or it got
borked somehow. A "ruby -v" should return the following:

ruby 1.8.2 (2004-12-25) [i386-mswin32]

My suggestion is to grab the latest installer and re-install.

Regards,

Dan

Bingo--that did it. Many thanks!