de-crypting Ruby password with php.

Hello all, I have a client with an older Rails 1.8 app (was recently upgraded from 1.6) and I need to integrate a php site to use the same user login creds.

I'm not very versed with Ruby but I think this is the code that encrypts the password.

[code]   # Encrypts some data with the salt.   def self.encrypt(password, salt)     Digest::SHA1.hexdigest("--#{salt}--#{password}--")   end

  # Encrypts the password with the user salt   def encrypt(password)     self.class.encrypt(password, salt)   end[/code]

So.... I have full db access so I have the encrypted passwords and their associated salts. And I need a php script to verify users. Is there as way for me to un-encrypt this password via php and the database that Ruby is using?

Thanks in advance for any guidance or assistance you may be able to provide.

You shouldn't have to decrypt it. As with the login code in ruby you compare hash to hash.

Dieter Lunn

exactly, that's what I meant, sorry. Is this just a sha1() hash? I guess I'm not fully understanding what Ruby is doing here.

Digest::SHA1.hexdigest("--#{salt}--#{password}--")

What is 'hexdigest'?

It is just an SHA1 hash. the hexdigest part is getting the hex representation of that hash.

Dieter Lunn

Ok, one last question and I think I've got this.

How is Ruby interpreting this string?

"--#{salt}--#{password}--"

For example let's say.... salt = 1234 password = 5678

Is Ruby seeing

"--#{1234}--#{5678}--"

or

"--#1234--#5678--"

or

"--1234--5678--"

This is really just my ignorance of how Ruby interprets variables in strings. Sorry in advance for the dumb question.

Thanks for your assistance.

Try it in the console and see. (ruby script/console)

Colin

In case you do not have a working Ruby app with a console available the answer is: "--1234--5678--"

The document on the digest is avaialble here: http://ruby-doc.org/stdlib/libdoc/digest/rdoc/index.html