Closed webcoyote closed 11 years ago
Hi webcoyote - thanks for the pull request. I've been thinking about including a command line program for a while now! I think if I include one in the gem it should be able to do all the ciphers that unix-crypt supports, with all the options available (specify salt, specify rounds.) I'd also want a strongly worded warning every time they use the "--password" option! You can overwrite $0 as soon as the program starts to make it slightly less horrifically insecure :)
Would you like me to use your utility as a base and expand on it? Or would you like to work on it yourself?
I updated the utility to support the options as you suggested. I'm not sure how you overwrite $0 in the shell history; isn't the command already recorded?
Also, I noticed what I think is a bug: when "rounds" are specified on the command line, don't they need to be encoded in the final output (rounds=...) so that the crypt library knows how many rounds to run when performing a password comparison during login?
Thanks! I've merged that, and then done a bit of rearranging of my own. I'll write some tests for it a bit later but it looks good to go. Would be great if you wanted to have a look at it and comment - I'll push the gem tomorrow.
Oh, I just noticed your comment about rounds= not being included. You're quite right. I was meant to have started work half an hour ago... will check it out tonight.
All your changes look great. Incidentally, since you moved the version number into the library itself I'm not sure it is necessary to require 'rubygems' any longer. The only reason I included it was to be able to load the gemspec.
I think earlier versions of Ruby need the rubygems require since it's not automatically required. It doesn't hurt anyway.
Great find on the rounds=X missing! I've committed a fix for that too.
Thanks again!
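The rounds= point raised above, as an added example that is not part of the thread or of the unix-crypt gem's code: a SHA-crypt verifier takes its round count from the stored string, so a hash computed with non-default rounds but written without `rounds=N` is checked with the default and never matches. The function names are hypothetical, the digests are constructed placeholders, and the limits (default 5000, minimum 1000, maximum 999999999) are those of the SHA-crypt specification.

```ruby
# Added example: how a verifier recovers the round count from a SHA-crypt string.
# Digest values used here are constructed placeholders, not real hashes.
ROUNDS_DEFAULT = 5_000
ROUNDS_MIN     = 1_000
ROUNDS_MAX     = 999_999_999
SCHEMES        = { "5" => :sha256, "6" => :sha512 }.freeze

ShaCryptFields = Struct.new(:scheme, :rounds, :explicit_rounds, :salt, :digest)

# Split "$id$[rounds=N$]salt$digest" into fields, applying the default and
# the clamping a verifier applies when it re-runs the hash.
def parse_sha_crypt(str)
  m = /\A\$([56])\$(?:rounds=(\d+)\$)?([^$]{0,16})\$([.\/0-9A-Za-z]+)\z/.match(str)
  raise ArgumentError, "not a SHA-crypt string" unless m
  rounds = m[2] ? m[2].to_i.clamp(ROUNDS_MIN, ROUNDS_MAX) : ROUNDS_DEFAULT
  ShaCryptFields.new(SCHEMES[m[1]], rounds, !m[2].nil?, m[3], m[4])
end

# Serialize a result. Passing rounds = nil models a generator that leaves the
# rounds= field out of its output.
def format_sha_crypt(id, rounds, salt, digest)
  fields = [id]
  fields << "rounds=#{rounds.clamp(ROUNDS_MIN, ROUNDS_MAX)}" if rounds
  fields << salt << digest
  "$" + fields.join("$")
end

# True when a verifier reading `stored` would run the same number of rounds
# the generator actually used.
def verifiable?(stored, rounds_used)
  parse_sha_crypt(stored).rounds == rounds_used
end

if __FILE__ == $0
  used    = 10_000                                   # rounds requested on the command line
  missing = format_sha_crypt("6", nil,  "saltsalt", "PLACEHOLDERdigest")
  present = format_sha_crypt("6", used, "saltsalt", "PLACEHOLDERdigest")
  [missing, present].each do |s|
    f = parse_sha_crypt(s)
    puts "#{s} -> verifier runs #{f.rounds} rounds, matches generator: #{verifiable?(s, used)}"
  end
end
```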
Some changes I hope you'll like:
Thanks for creating this gem! I've been using it to create encrypted passwords for virtual machine images for Packer.