de-crypting Ruby password with php.

Hello all, I have a client with an older Rails 1.8 app (was recently
upgraded from 1.6) and I need to integrate a php site to use the same
user login creds.

I'm not very versed with Ruby but I think this is the code that
encrypts the password.

[code]
  # Encrypts some data with the salt.
  def self.encrypt(password, salt)
    Digest::SHA1.hexdigest("--#{salt}--#{password}--")
  end

  # Encrypts the password with the user salt
  def encrypt(password)
    self.class.encrypt(password, salt)
  end[/code]

So.... I have full db access so I have the encrypted passwords and
their associated salts. And I need a php script to verify users. Is
there as way for me to un-encrypt this password via php and the
database that Ruby is using?

Thanks in advance for any guidance or assistance you may be able to
provide.

You shouldn't have to decrypt it. As with the login code in ruby you
compare hash to hash.

Dieter Lunn
http://www.coder2000.ca

exactly, that's what I meant, sorry. Is this just a sha1() hash? I
guess I'm not fully understanding what Ruby is doing here.

Digest::SHA1.hexdigest("--#{salt}--#{password}--")

What is 'hexdigest'?

It is just an SHA1 hash. the hexdigest part is getting the hex
representation of that hash.

Dieter Lunn
http://www.coder2000.ca

Ok, one last question and I think I've got this.

How is Ruby interpreting this string?

"--#{salt}--#{password}--"

For example let's say....
salt = 1234
password = 5678

Is Ruby seeing

"--#{1234}--#{5678}--"

or

"--#1234--#5678--"

or

"--1234--5678--"

This is really just my ignorance of how Ruby interprets variables in
strings. Sorry in advance for the dumb question.

Thanks for your assistance.

Try it in the console and see. (ruby script/console)

Colin

In case you do not have a working Ruby app with a console available
the answer is: "--1234--5678--"

The document on the digest is avaialble here:
http://ruby-doc.org/stdlib/libdoc/digest/rdoc/index.html