This is one of the weirdest I’ve seen. There’s some legacy code I’m maintaining

Question

0

Asked: May 21, 20262026-05-21T16:53:48+00:00 2026-05-21T16:53:48+00:00

This is one of the weirdest I’ve seen. There’s some legacy code I’m maintaining

0

This is one of the weirdest I’ve seen. There’s some legacy code I’m maintaining that generates a digest:

require 'digest/sha1'
def encrypt(password, salt)
  Digest::SHA2.hexdigest("--#{salt}--#{password}--")
end

I call that method with “hello” and “world” as the parameters and I get this:

15ea8ac62708f3810b720b25dd6febe9d0ddc1ed

But if I do this directly:

Digest::SHA2.hexdigest("--world--hello--")

I get:

c95b3d8968d8044c42ff650ade81315ab9adf120e2b62a637e64fa362cb828dd

Excuse my french, but WTF?!

Is there some sort of setting for Digest::SHA2 that I should be looking for? What could be triggering the disparity?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-21T16:53:49+00:00

I think your first code is actually:

def encrypt(password, salt)
  Digest::SHA1.hexdigest("--#{salt}--#{password}--")
end

…because:

irb> Digest::SHA1.hexdigest '--world--hello--'
#=> "15ea8ac62708f3810b720b25dd6febe9d0ddc1ed"
irb> Digest::SHA2.hexdigest '--world--hello--'
#=> "c95b3d8968d8044c42ff650ade81315ab9adf120e2b62a637e64fa362cb828dd"

So perhaps the code you put in your question is not the code that is actually in your application, or someone else is redefining encrypt the exact same way, but using SHA1, or you have made your changes in code but are still using old/cached code without realizing it.

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

This is one of the weirdest I’ve seen. There’s some legacy code I’m maintaining

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply