1

This is one of the weirdest I've seen. There's some legacy code I'm maintaining that generates a digest:

require 'digest/sha1'
def encrypt(password, salt)
  Digest::SHA2.hexdigest("--#{salt}--#{password}--")
end

I call that method with "hello" and "world" as the parameters and I get this:

15ea8ac62708f3810b720b25dd6febe9d0ddc1ed

But if I do this directly:

Digest::SHA2.hexdigest("--world--hello--")

I get:

c95b3d8968d8044c42ff650ade81315ab9adf120e2b62a637e64fa362cb828dd

Excuse my French, but WTF?!

Is there some sort of setting for Digest::SHA2 that I should be looking for? What could be triggering the disparity?

Ivan
  • I just tried `Digest::SHA1.hexdigest` and it spits out the same as the `encrypt` method above... now the question is why!? – Ivan Apr 27 '11 at 18:56

1 Answer

26

I think your first code is actually:

def encrypt(password, salt)
  Digest::SHA1.hexdigest("--#{salt}--#{password}--")
end

...because:

irb> Digest::SHA1.hexdigest '--world--hello--'
#=> "15ea8ac62708f3810b720b25dd6febe9d0ddc1ed"
irb> Digest::SHA2.hexdigest '--world--hello--'
#=> "c95b3d8968d8044c42ff650ade81315ab9adf120e2b62a637e64fa362cb828dd"

So perhaps the code you put in your question is not the code that is actually in your application, or someone else is redefining encrypt the exact same way, but using SHA1, or you have made your changes in code but are still using old/cached code without realizing it.

Phrogz
  • Yep, I just searched all the code and sure enough, there's another not so obvious part where the method is redefined... Should've thought of that sooner. Thanks. – Ivan Apr 27 '11 at 19:05
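
The cause confirmed above, a second definition of `encrypt` elsewhere in the code base, can be found by asking Ruby which definition is live and by checking the digest's length (40 hex characters for SHA1, 64 for the default `Digest::SHA2`). This is an added example, not code from the question or the answer; `Account`, `DefinitionTracker`, `digest_family` and `audit_encrypt` are hypothetical names and the two class bodies are constructed stand-ins for the legacy code.

```ruby
require 'digest/sha1'
require 'digest/sha2'

# Hex length of each digest's output, used to recognise which one produced a value.
HEX_LENGTHS = { 40 => 'SHA1', 64 => 'SHA2 (SHA-256)' }.freeze

def digest_family(hex)
  HEX_LENGTHS.fetch(hex.length, 'unknown')
end

# Hypothetical mixin: records the source location of every (re)definition.
module DefinitionTracker
  def definitions
    @definitions ||= Hash.new { |h, k| h[k] = [] }
  end

  def method_added(name)
    definitions[name] << instance_method(name).source_location
    super
  end
end

# Constructed stand-in for the legacy class: the definition everyone reads.
class Account
  extend DefinitionTracker

  def encrypt(password, salt)
    Digest::SHA2.hexdigest("--#{salt}--#{password}--")
  end
end

# Constructed stand-in for the "not so obvious" place that reopens the class.
# Ruby keeps the last definition it loads, so this one is what actually runs.
class Account
  def encrypt(password, salt)
    Digest::SHA1.hexdigest("--#{salt}--#{password}--")
  end
end

# Summarise which definition is live and what kind of digest it produces.
def audit_encrypt
  live = Account.instance_method(:encrypt)
  { live_location: live.source_location,
    definition_count: Account.definitions[:encrypt].size,
    family: digest_family(Account.new.encrypt('hello', 'world')) }
end

p audit_encrypt if __FILE__ == $PROGRAM_NAME
```

In a real application the same check is `SomeClass.instance_method(:encrypt).source_location` from a console, which prints the file and line of the definition that wins.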