-
Notifications
You must be signed in to change notification settings - Fork 252
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add SHA2, :smd5, :sha1 & :ssha1 password generation support #201
base: master
Are you sure you want to change the base?
Conversation
Note that in this pull request, if the password contains accented characters, the following error will be thrown:
There's the option of forcing the encoding of the password to ASCII, but I think the more elegant solution is to use algo = Digest.module_eval(digest.upcase).new
algo.update(str)
algo.update(salt)
"{#{type.upcase}}#{Base64.encode64(algo.digest + salt).chomp}" |
attribute_value = '{SHA}' + Base64.encode64(Digest::SHA1.digest(str)).chomp! | ||
when :ssha | ||
salt = SecureRandom.random_bytes(16) | ||
attribute_value = '{SSHA}' + Base64.encode64(Digest::SHA1.digest(str + salt) + salt).chomp! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we keep the same pattern here without introducing a KNOWN constant? Yes, there is more duplication, but it's simpler to reason about in my opinion and more obvious to grep for than hiding the information via lookups and module_evals
.
@ojab would you like to update this branch and get these other hash algorithms in here now? |
Haven't tested this PR on rubies < 2.2 yet, please consider it RFC.
With this patch net/ldap will support md5, sha, sha1, sha256, sha384, sha512 password schemes (and salted variants).
Given that comment says "I vote no because then should you also provide ssha1 for symmetry?" -- should I remove :sha1/:ssha1 support?
Is the code overall looks ok for you or something should be changed?