Class | Password |
In: | rbcrack.c, lib/password.rb |
Parent: | String |
Ruby/Password is a collection of password handling routines for Ruby, including an interface to CrackLib for the purposes of testing password strength.
  require 'password'

  # Define and check a password in code
  pw = Password.new( "bigblackcat" )
  pw.check

  # Get and check a password from the keyboard
  begin
    password = Password.get( "New password: " )
    password.check
  rescue Password::WeakPassword => reason
    puts reason
    retry
  end

  # Automatically generate and encrypt a password
  password = Password.phonemic( 12, Password::ONE_CASE | Password::ONE_DIGIT )
  crypted = password.crypt
VERSION | = | '0.5.3' |
DES | = | true | DES algorithm |
MD5 | = | false | MD5 algorithm (see crypt(3) for more information) |
ONE_DIGIT | = | 1 | This flag is used in conjunction with Password.phonemic and states that a password must include a digit. |
ONE_CASE | = | 1 << 1 | This flag is used in conjunction with Password.phonemic and states that a password must include a capital letter. |
PASSWD_CHARS | = | '0123456789' + 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' + 'abcdefghijklmnopqrstuvwxyz' | Characters that may appear in generated passwords. Password.urandom may also use the characters + and /. |
SALT_CHARS | = | '0123456789' + 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' + 'abcdefghijklmnopqrstuvwxyz' + './' | Valid salt characters for use by Password#crypt. |
Turn local terminal echo on or off. This method is used for securing the display, so that a soon to be entered password will not be echoed to the screen. It is also used for restoring the display afterwards.
If masked is true, the keyboard is put into unbuffered mode, allowing the retrieval of characters one at a time. masked has no effect when on is false. You are unlikely to need this method in the course of normal operations.
Get a password from STDIN, using buffered line input and displaying message as the prompt. No output will appear while the password is being typed. Hitting [Enter] completes password entry. If STDIN is not connected to a tty, no prompt will be displayed.
Get a password from STDIN in unbuffered mode, i.e. one key at a time. message will be displayed as the prompt and each key press will echo mask to the terminal. There is no need to hit [Enter] at the end.
Generate a memorable password of length characters, using phonemes that a human being can easily remember. flags is one or more of Password::ONE_DIGIT and Password::ONE_CASE, logically OR'ed together. For example:
pw = Password.phonemic( 8, Password::ONE_DIGIT | Password::ONE_CASE )
This would generate an eight character password, containing a digit and an upper-case letter, such as Ug2shoth.
This method was inspired by the pwgen tool, written by Theodore Ts'o.
Generated passwords may contain any of the characters in Password::PASSWD_CHARS.
Generate a random password of length characters. Unlike the Password.phonemic method, no attempt will be made to generate a memorable password. Generated passwords may contain any of the characters in Password::PASSWD_CHARS.
An alternative to Password.random. It uses the /dev/urandom device to generate passwords, returning nil on systems that do not implement the device. The passwords it generates may contain any of the characters in Password::PASSWD_CHARS, plus the additional characters + and /.
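A generator built over the same 62-character Password::PASSWD_CHARS alphabet from raw random bytes skews its output if each byte is simply reduced modulo 62. The added example below is not Ruby/Password's own code: the helper names are hypothetical and Ruby's SecureRandom is assumed as the byte source. It measures that skew and removes it with rejection sampling.

```ruby
require 'securerandom'

# Same 62-character alphabet as Password::PASSWD_CHARS on this page.
PASSWD_CHARS = '0123456789' + 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' + 'abcdefghijklmnopqrstuvwxyz'

# Hypothetical helper: how many of the 256 byte values map to each
# character index when a raw byte is reduced with `byte % alphabet_size`.
def byte_mod_counts(alphabet_size)
  counts = Array.new(alphabet_size, 0)
  256.times { |b| counts[b % alphabet_size] += 1 }
  counts
end

# Hypothetical helper: draw `length` characters from PASSWD_CHARS without
# modulo bias. Bytes at or above the largest multiple of 62 that fits in a
# byte (248) are discarded, so every character is equally likely.
# `next_byte` is any callable returning an Integer in 0..255; the default
# uses SecureRandom (an assumption, not the library's own byte source).
def unbiased_password(length, next_byte = -> { SecureRandom.random_bytes(1).getbyte(0) })
  limit = 256 - (256 % PASSWD_CHARS.size) # 248 for a 62-character alphabet
  out = +''
  while out.size < length
    b = next_byte.call
    next if b >= limit # reject: keeping it would favour '0'..'7'
    out << PASSWD_CHARS[b % PASSWD_CHARS.size]
  end
  out
end

# Entropy in bits of a password whose characters are uniform and independent.
def entropy_bits(length, alphabet_size = PASSWD_CHARS.size)
  length * Math.log2(alphabet_size)
end

if __FILE__ == $PROGRAM_NAME
  counts = byte_mod_counts(62)
  puts "byte % 62: #{counts.count(counts.max)} characters get #{counts.max}/256, the rest #{counts.min}/256"
  puts "byte % 64: every character gets #{byte_mod_counts(64).uniq.first}/256"
  pw = unbiased_password(12)
  puts "12 characters: #{pw} (about #{entropy_bits(12).round(1)} bits)"
end
```

A 64-character alphabet divides 256 evenly, so it needs no rejection step; the 62-character one does.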
check(dict=nil)
This interfaces to CrackLib to check the strength of the password. If dict is given, it is the path to the CrackLib dictionary, minus the file's extension. For example, if the dictionary is located at /usr/lib/cracklib_dict.pwd, dict would be /usr/lib/cracklib_dict. If it is not given, the dictionary found at build time will be used.
If a path is given that does not lead to a readable dictionary, a Password::DictionaryError exception is raised. On success, true is returned. On failure, a Password::WeakPassword exception is raised.