Recommended two-way encryption gems for Ruby?
I'd recommend Shuber's Encryptor - it wraps the OpenSSL library so you can use anything it supports.
Encryption-Decryption in Rails
SHA1 is a one way function you can't reverse it.
This may be of interest re password resets:
http://www.binarylogic.com/2008/11/16/tutorial-reset-passwords-with-authlogic/
If you want to do encryption/decryption then you should use something like AES. Once you start using encryption/decryption, however, you'll also have to start worrying about key management too.
Regarding your comment to the OP below - if you are going to to be storing CC info, I would advise you get a security person in who knows about crypto, key management etc and who also understands the relevant legal and regulatory aspects.
Encrypting (not hashing) and storing user passwords on a rails server, using devise cookies
If your server is going to be handling the password in plaintext (to talk to the other server with Basic auth), you're going to gain access to the password. Perhaps you want to avoid storing the password in plaintext?
Send the password in plain text to the server, which then encrypts it, stores the encrypted version and adds a cookie to the client with the key. Then any future requests provide the key to the server.
If you're looking for an encryption library, Recommended two-way encryption gems for Ruby?
Simple Encryption in Ruby without external gems
The solution is kind of from scratch but based on this: https://math.stackexchange.com/questions/9508/looking-for-a-bijective-discrete-function-that-behaves-as-chaotically-as-possib
The simplest way presented is using a * x + b (mod 2^n)
Obviously this is no real encryption and really only useful if you want to create sequential coupon codes without using much code.
So to implement this, you first need to pick a, b and n. (a must be odd) For example a=17
, b=37
and n=27
. Also we need to find "a^(-1)
" on "mod 2^n". It's possible to do this on https://www.wolframalpha.com using the ExtendedGcd function:
So the inverse of a
is therefore 15790321
. Putting all this together:
A=17
B=37
A_INV=15790321
def encrypt(x)
(A*x+B)%(2**27)
end
def decrypt(y)
((y-B)*A_INV)%(2**27)
end
And now you can do:
irb(main):038:0> encrypt(4)
=> 105
irb(main):039:0> decrypt(105)
=> 4
Obviously we want the coupon codes to look cool. So 2 extra things are needed: start the sequence at 4000 or so, so the codes are longer. Also convert them into something alpha-numeric, that's also an easy one with Ruby:
irb(main):050:0> decrypt("1ghx".to_i(36))
=> 4000
irb(main):051:0> encrypt(4000).to_s(36)
=> "1ghx"
One nice additional property is that consecutive numbers are different enough that guessing is practically impossible. Of course we assume that the users are not crypto analysts and if someone indeed guesses a valid number, it's not the end of the world: :-)
irb(main):053:0> encrypt(4001).to_s(36)
=> "1gie"
irb(main):054:0> decrypt("1gie".to_i(36))
=> 4001
Let's try to naively "hack" it by counting from 1gie
to 1gif
:
irb(main):059:0* decrypt("1gif".to_i(36))
=> 15794322
That's completely out of range, there are just 2000 or so coupons anyways - not a million. :-) Also if I remember correctly one can experiment a bit with the parameters, so subsequent numbers look more chaotic.
(Pick a larger n
for longer codes and vice-versa. Base 36
means 6
bits are needed for each character ("Math.log(36, 2)
"). So n=27
allows for up to 5 characters.)
Related Topics
Regex to Validate String Having Only Characters (Not Special Characters), Blank Spaces and Numbers
Exception_Notification for Delayed_Job
Rails Initializes Extremely Slow on Ruby 1.9.1
In Ruby or Rails, Why Is "Include" Sometimes Inside the Class and Sometimes Outside the Class
How to Set Environment Variable Using Chef
Ruby: How to Write a Bang Method, Like Map
Problem with Rspec Test, Undefined Method 'Post'
Require': Cannot Load Such File -- Spec_Helper (Loaderror)
Ruby - Extracting the Unique Values Per Key from an Array of Hashes
Ubuntu 12.10 - Ruby Gem Rmagick Missing Dependency Issue
Sidekiq Worker Not Getting Triggered
Get Response Headers from Curb
Is Getting Converted as "\U0092" by Nokogiri in Ruby on Rails
Programmatically Derive a Regular Expression from a String