Some time ago I wanted to play with Google App Engine and I made a Java website. Now I need to get away from it and I would like to migrate to Rails. The website per se is not an issue, but in the Java version I used BasicPasswordEncryptor to encrypt my passwords.
Now I do not know how to get this same hashing in Ruby. The documentation says it's MD5 encryption, but the hashes look like
4+RZ+7Vn/ddlNv4rdJeeg…..
All the hashes are 32 characters long, but it really doesn't look like an MD5 hash. Also, I do not understand where the salt is stored.
Does anyone have any info that could help figure this out?
Thanks
BasicPasswordEncryptor does the following:
a) It converts the password to a byte array
b) It creates a random 8-byte salt
c) It passes the input through MD5 with the salt 1000 times
d) It gets the MD5 result – 16 bytes
e) It adds the salt to this result – 8 bytes
f) It base64-encodes the 24 bytes (MD5 and salt), which as I understand will end up being 32 bytes.
You can look at the source code here:
http://grepcode.com/file/repo1.maven.org/maven2/org.jasypt/jasypt/1.5/org/jasypt/util/password/BasicPasswordEncryptor.java
http://grepcode.com/file/repo1.maven.org/maven2/org.jasypt/jasypt/1.5/org/jasypt/digest/StandardByteDigester.java#StandardByteDigester.digest%28byte%5B%5D%29
So, you will need to have the same things done in Rails (to generate new digested passwords or check old digested passwords).
There is no way to restore the original password from a digest (that's the whole point of digesting).
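
The steps in the answer above, written out in Ruby as an added example (not part of the original answer and not Jasypt's own code). It assumes the salt sits in the first 8 bytes of the decoded value, that only the first MD5 round includes the salt, and that passwords are hashed as UTF-8 bytes; the method names are made up here, so confirm the result against one account whose password you know.

```ruby
require 'digest/md5'
require 'securerandom'

SALT_BYTES   = 8     # random salt size given in the answer
DIGEST_BYTES = 16    # size of an MD5 result
ITERATIONS   = 1000  # number of MD5 rounds given in the answer

# Hypothetical helper: digest a password with a known salt.
# Assumed layout of the stored value: base64(salt || digest).
def jasypt_basic_digest(password, salt)
  raise ArgumentError, 'salt must be 8 bytes' unless salt.bytesize == SALT_BYTES

  # First round covers salt + password bytes (assumption).
  digest = Digest::MD5.digest(salt.b + password.encode('UTF-8').b)
  # Remaining rounds re-hash the previous digest only (assumption).
  (ITERATIONS - 1).times { digest = Digest::MD5.digest(digest) }
  # 'm0' is strict base64 without line breaks: 24 bytes become 32 characters.
  [salt.b + digest].pack('m0')
end

# Hypothetical helper: create a new stored value with a fresh random salt.
def jasypt_basic_encrypt(password)
  jasypt_basic_digest(password, SecureRandom.random_bytes(SALT_BYTES))
end

# Compare two strings without stopping at the first differing byte.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize

  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Hypothetical helper: check a login password against a stored value.
def jasypt_basic_check(password, stored)
  raw = stored.unpack1('m0') # raises ArgumentError on malformed base64
  return false unless raw.bytesize == SALT_BYTES + DIGEST_BYTES

  # Recover the salt from the stored value, recompute, then compare.
  salt = raw.byteslice(0, SALT_BYTES)
  secure_compare(jasypt_basic_digest(password, salt), stored)
rescue ArgumentError
  false
end
```

Iterated MD5 is weak by current standards, so a successful check at login is a convenient point to re-hash the password with whatever scheme the Rails app uses going forward.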