Ruby String.crypt method

Which hash algorithm does Ruby's String.crypt method use? When used in conjunction with a salt, is this secure enough for hashing passwords?

gjb asked Feb 21 '23 14:02


2 Answers

No


It uses the C library crypt(), which is based on DES. This is a fast cipher.[1]

It's not ideal for hashing passwords. The algorithm is reasonable as a cryptosystem although rather short on key length which is a problem for passwords. However, it has an even more fundamental weakness: it's too fast.

Good password hashing functions have a somewhat odd cipher requirement: they need algorithms that fundamentally require many complex operations, not just a handful of XOR ops and some table lookups like DES does.

It is, btw, almost always a bad idea to roll your own password system. It's better to use existing packages on the theory that these have been subject to review. It requires a certain amount of subject matter expertise to cook up a good one.

And finally, you have asked a question that our fearless leader here on SO has written about! See: The Dirty Truth About Web Passwords.


[1] Note that even if it were implemented in Ruby the speed would still be a problem: it's fundamentally a fast algorithm so an attacker could use his own implementation for key searching.

DigitalRoss answered Mar 03 '23 18:03


Correct me if I'm wrong but it only uses the first 8 bytes of the string, which means your passwords using crypt can't be longer than 8 bytes.

Here's an example in irb:

"special-special-special-special-special-special-special-special-special-special-special-special-special-special-special-special-".crypt("1234567890123456123456789012345612345678901234561234567890123456")
=> "12mJsn4TDq.Gw"
"special-".crypt("1234567890123456123456789012345612345678901234561234567890123456")
=> "12mJsn4TDq.Gw"
"special".crypt("1234567890123456123456789012345612345678901234561234567890123456")
=> "127X5bTSGngyI"
floatingice answered Mar 03 '23 19:03