RMX-OS's Ruby password encryption ported to C#

Started by Ryex, October 13, 2009, 08:13:26 pm


Ryex


    def encrypt_password(password)
      code = password.hash
      code += (1 << 32) if code < 0
      return code.to_s(16).upcase
    end

That's the code in Ruby. How would I replicate it in C# so I can properly register users in my GUI?
I no longer keep up with posts in the forum very well. If you have a question or comment about my work, or in general, I welcome PMs. If you make a post in one of my threads and I don't reply within a day or two, feel free to PM me and point it out to me.

DropBox, the best free file syncing service there is.

fugibo

October 13, 2009, 08:19:24 pm #1 Last Edit: October 13, 2009, 08:23:26 pm by Longfellow
Quote from: Ryexander on October 13, 2009, 08:13:26 pm

   def encrypt_password(password)
     code = password.hash
     code += (1 << 32) if code < 0
     return code.to_s(16).upcase
   end

That's the code in Ruby. How would I replicate it in C# so I can properly register users in my GUI?


For one, you should use
code |= ~ 1
to make sure the hash is positive. Which I'm not sure you need to do anyway, because .to_s should do that on its own (I think). No idea what I was thinking, that would NOT work.

As for the main question, you should just search for hashing and number-to-string conversion (which I know you could use sprintf for, at least) in C#.

Blizzard

October 13, 2009, 08:23:42 pm #2 Last Edit: October 13, 2009, 08:25:22 pm by Blizzard
There's a slight little problem. I don't know if C# uses the exact same hash function for hash values as Ruby does. So it's probable that it's impossible (except if you run Ruby through C#).

Basically I take the hash value of the actual password. The value is a signed 32 bit integer. The second line just adds 2^32 if the value is less than 0. This is how the value is turned into an unsigned 32 bit integer transparently. The last step turns it into a string using base 16 so I get a hex values string. I also make it upper case in the 3rd line.

So...


    def encrypt_password(password)
      code = password.hash # signed 32 bit int hash value
      code += (1 << 32) if code < 0 # turn into unsigned 32 bit int
      return code.to_s(16).upcase # turn into hex string in upper case
    end

Check out Daygames and our games:

King of Booze 2      King of Booze: Never Ever
Drinking Game for Android      Never have I ever for Android
Drinking Game for iOS      Never have I ever for iOS


Quote from: winkioI do not speak to bricks, either as individuals or in wall form.

Quote from: Barney StinsonWhen I get sad, I stop being sad and be awesome instead. True story.

fugibo

Quote from: Blizzard on October 13, 2009, 08:23:42 pm
There's a slight little problem. I don't know if C# uses the exact same hash function for hash values as Ruby does. So it's probable that it's impossible (except if you run Ruby through C#).

Basically I take the hash value of the actual password. The value is a signed 32 bit integer. The second line just adds 2^32 if the value is less than 0. This is how the value is turned into an unsigned 32 bit integer transparently. The last step turns it into a string using base 16 so I get a hex values string. I also make it upper case in the 3rd line.

So...


    def encrypt_password(password)
      code = password.hash # signed 32 bit int hash value
      code += (1 << 32) if code < 0 # turn into unsigned 32 bit int
      return code.to_s(16).upcase # turn into hex string in upper case
    end




Ah, so it's YOUR code... that makes sense.

*looks up Ruby's hash function*

Looks like it either uses Perl's or ElfHash, if that helps.

Blizzard

October 13, 2009, 08:33:25 pm #4 Last Edit: October 13, 2009, 08:36:03 pm by Blizzard
I originally used it right off the bat, but then I had to define the password length in the SQL database as 9 characters because of the minus character. I decided to make it unsigned so it can be 8 characters. I also prefer upper case hex so I made that as well. xD

I'm still thinking about maybe using crypt. :/ It's definitely safer and the algorithm used in crypt is known. But I can't remember anymore why I decided not to use it. I know exactly that I had a very, very good reason (except for complete database corruption and the need to register all accounts again or give everybody new passwords).

Ryex

ok..
So I made a simple Ruby script to try and replicate it by saving the password I want to a file, loading the file with a Ruby script, then writing the encrypted password to another file, then loading it again.

Ruby script:

    load './pasword.pas'

    def encrypt_password(password)
      code = password.hash
      code += (1 << 32) if code < 0
      return code.to_s(16).upcase
    end

    begin
      pass = encrypt_password(PASSWORD)
      file = File.open('encrypt_password.txt', 'a+')
      file.write(pass + "\n")
      file.close
    end


pasword.pas file:

    PASSWORD = 'getback'


result after running script several times...



If every one of them is different, how can I be sure that the person will be able to log in?

fugibo

Something's up with your script, I just tested this myself:

    collin@~ : 08:25 PM : 1 $ irb
    >> 'help'.hash.to_s(16).upcase
    => "19B46EB5"
    >> exit
    collin@~ : 08:25 PM : 2 $ irb
    >> 'help'.hash.to_s(16).upcase
    => "19B46EB5"
    >> 'help'.hash.to_s(16).upcase
    => "19B46EB5"
    >> exit

Ryex

October 13, 2009, 09:37:15 pm #7 Last Edit: October 13, 2009, 09:44:50 pm by Ryexander


    C:\Users\Ben>irb
    irb(main):001:0> 'help'.hash.to_s(16).upcase
    => "-278C037C"
    irb(main):002:0> 'help'.hash.to_s(16).upcase
    => "-278C037C"
    irb(main):003:0> 'help'.hash.to_s(16).upcase
    => "-278C037C"
    irb(main):004:0>

Closed the irb and ran it again:

    C:\Users\Ben>irb
    irb(main):001:0> 'help'.hash.to_s(16).upcase
    => "1F1B8609"
    irb(main):002:0> 'help'.hash.to_s(16).upcase
    => "1F1B8609"
    irb(main):003:0>


the hell?

fugibo

...wow. Your install is effed up, that's all I can say.

Ryex

October 13, 2009, 09:48:06 pm #9 Last Edit: October 13, 2009, 09:58:13 pm by Ryexander
It's not just me, I bet. Try it again on your irb and compare the value to the one you had before.
Also, mods, please split this question from the topic into a new topic called "RMX-OS development questions" or something like it. I didn't realize how far off this topic's topic this question was going to be.

EDIT: I had JC run the same code and he too gets a different hex value every time he opens and closes the irb!

fugibo

Quote from: Ryexander on October 13, 2009, 09:48:06 pm
It's not just me, I bet. Try it again on your irb and compare the value to the one you had before.
Also, mods, please split this question from the topic into a new topic called "RMX-OS development questions" or something like it. I didn't realize how far off this topic's topic this question was going to be.

EDIT: I had JC run the same code and he too gets a different hex value every time he opens and closes the irb!


I run the Mac version, which is native. I'm betting it has something funny to do with the Windows version. Either way, it's really weird. 0_o

Ryex

October 13, 2009, 10:38:18 pm #11 Last Edit: October 13, 2009, 10:58:17 pm by Ryexander
I ran this in the RMXP interpreter:

    PASSWORD = 'getback'

    def encrypt_password(password)
      code = password.hash
      if code < 0
        code += (1 << 32) if code < 0
      end
      return code.to_s(16).upcase
    end

    begin
      pass = PASSWORD.hash.to_s(16).upcase
      file = File.open('encrypt_password.txt', 'a+')
      file.write(pass + "\n")

      file.close
    end
    exit

The result was that every entry in the file was the same.



EDIT: I found the problem :<_<: http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-talk/335744 It's because that's how Ruby 1.9 does it...
grrr... looks like I won't be able to create a new user reregistration tool unless blizz changes his encrypt_password method...  :<_<:

Blizzard

Hm... RMXP uses Ruby 1.8.x. and there it's constant so that one is working right. Alright, looks like I'll have to resort to crypt anyway. That sucks. I wanted to keep the encryption simple. :/
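Added example, not part of the thread and not RMX-OS code: String#hash is the interpreter's hash-table hash, so as the posts above found its value cannot be relied on across processes, and a stored password verifier needs a specified algorithm that a C# client can reproduce. This sketch uses PBKDF2-HMAC-SHA256 from Ruby's OpenSSL bindings; the record format, iteration count and method names are assumptions made for the illustration.

```ruby
require 'openssl'
require 'securerandom'

# Assumed parameters for this sketch (not taken from RMX-OS).
ITERATIONS = 100_000
KEY_LEN    = 32 # bytes of derived key

def to_hex(bytes)
  bytes.unpack1('H*')
end

# PBKDF2-HMAC-SHA256: the same password, salt and iteration count give the
# same bytes in every process and in any language with a PBKDF2 implementation.
def derive(password, salt, iterations = ITERATIONS)
  OpenSSL::PKCS5.pbkdf2_hmac(password, salt, iterations, KEY_LEN,
                             OpenSSL::Digest.new('SHA256'))
end

# String stored in the users table: iterations$salt_hex$hash_hex.
# A fresh random salt per user makes equal passwords store differently.
def make_record(password, salt = SecureRandom.random_bytes(16))
  [ITERATIONS, to_hex(salt), to_hex(derive(password, salt))].join('$')
end

# Check a login attempt against a stored record.
def verify(password, record)
  iter_s, salt_hex, hash_hex = record.split('$')
  return false unless salt_hex && hash_hex && iter_s.to_i > 0
  expected = [hash_hex].pack('H*')
  actual   = derive(password, [salt_hex].pack('H*'), iter_s.to_i)
  return false unless actual.bytesize == expected.bytesize
  # Compare every byte so timing does not reveal where a mismatch occurs.
  actual.bytes.zip(expected.bytes).reduce(0) { |acc, (a, b)| acc | (a ^ b) }.zero?
end
```

A registration tool written in another language only has to produce the same record string; the server never needs to share interpreter state with it.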

Ryex


Blizzard

I have changed it to use String#crypt, but I haven't released that version yet. Just google for more info. Also, I remove the first two characters of the generated string because they are equal to the salt string that was used to generate that string.

Ryex

Unfortunately I'm having a hard time finding out how the crypt function works. All the Ruby documentation tells me is that it is a one-way hash encryption algorithm that employs the standard library function crypt, but nothing seems to tell me what the standard library function crypt is... I did find some sites linking crypt to the Unix crypt function and crypt(3), whatever those are...

Blizzard

Try to find a semantical match then. It generates a 13 character sequence that has the first two characters equal to the 2-character salt. Or you can take a look at the Ruby source, it's Open Source after all. Maybe you can figure it out.

Ryex

Well, this is the source of the String#crypt method, but I don't have a clue what it is doing.




    /*
     *  call-seq:
     *     str.crypt(other_str)   => new_str
     *
     *  Applies a one-way cryptographic hash to <i>str</i> by invoking the standard
     *  library function <code>crypt</code>. The argument is the salt string, which
     *  should be two characters long, each character drawn from
     *  <code>[a-zA-Z0-9./]</code>.
     */

    static VALUE
    rb_str_crypt(str, salt)
        VALUE str, salt;
    {
        extern char *crypt _((const char *, const char*));
        VALUE result;
        const char *s;

        StringValue(salt);
        if (RSTRING(salt)->len < 2)
            rb_raise(rb_eArgError, "salt too short(need >=2 bytes)");

        if (RSTRING(str)->ptr) s = RSTRING(str)->ptr;
        else s = "";
        result = rb_str_new2(crypt(s, RSTRING(salt)->ptr));
        OBJ_INFECT(result, str);
        OBJ_INFECT(result, salt);
        return result;
    }



Blizzard

Some info: http://stackoverflow.com/questions/1898659/ruby-stringcrypt-in-c-and-php <- String#crypt() uses a Unix DES algorithm.
C# Implementation: http://www.codeproject.com/KB/cs/unixcrypt.aspx <- Looks like you have to register before you can download the source.
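Added example, not Blizzard's unreleased RMX-OS code: what String#crypt returns with a two-character salt and what storing it without the salt implies, assuming the platform's crypt(3) provides the traditional Unix DES scheme named in the post above. The salt 'XS' and the method names are hypothetical.

```ruby
# Hypothetical fixed salt; the thread does not say which salt RMX-OS uses.
SALT = 'XS'

# Return the 11 hash characters that remain after the first two characters
# (the salt) of the 13-character crypt result are removed.
def stored_value(password, salt = SALT)
  full = password.crypt(salt)
  unless full && full.length == 13 && full.start_with?(salt)
    raise 'crypt(3) on this platform did not return a traditional DES hash'
  end
  full[2..-1]
end

# Verifying a login needs the salt again. With the salt stripped from the
# stored value, it has to be a constant shared by the server and every tool
# that registers users, so equal passwords always store as equal strings.
def login_ok?(password, stored, salt = SALT)
  stored_value(password, salt) == stored
end

# Traditional DES crypt only uses the first 8 characters of the password,
# so two passwords that agree on those 8 characters produce the same hash.
def same_after_eight?(first, second, salt = SALT)
  stored_value(first, salt) == stored_value(second, salt)
end
```

A port to C# has to reproduce both behaviours exactly (fixed salt, 8-character limit) for existing accounts to keep working.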

Ryex
