Class Password
In: rbcrack.c
Parent: String

Ruby/Password is a collection of password handling routines for Ruby, including an interface to CrackLib for the purposes of testing password strength.

 require 'password'

 # Define and check a password in code
 pw = "bigblackcat" )

 # Get and check a password from the keyboard
   password = Password.get( "New password: " )
 rescue Password::WeakPassword => reason
   puts reason

 # Automatically generate and encrypt a password
 password = Password.phonemic( 12, Password:ONE_CASE | Password::ONE_DIGIT )
 crypted = password.crypt


check   crypt   echo   get   getc   phonemic   random   urandom  

Classes and Modules

Class Password::CryptError
Class Password::DictionaryError
Class Password::WeakPassword


VERSION = '0.5.3'
DES = true   DES algorithm
MD5 = false   MD5 algorithm (see crypt(3) for more information)
ONE_DIGIT = 1   This flag is used in conjunction with Password.phonemic and states that a password must include a digit.
ONE_CASE = 1 << 1   This flag is used in conjunction with Password.phonemic and states that a password must include a capital letter.
PASSWD_CHARS = '0123456789' + 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' + 'abcdefghijklmnopqrstuvwxyz'   Characters that may appear in generated passwords. Password.urandom may also use the characters + and /.
SALT_CHARS = '0123456789' + 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' + 'abcdefghijklmnopqrstuvwxyz' + './'   Valid salt characters for use by Password#crypt.

Public Class methods

Turn local terminal echo on or off. This method is used for securing the display, so that a soon to be entered password will not be echoed to the screen. It is also used for restoring the display afterwards.

If masked is true, the keyboard is put into unbuffered mode, allowing the retrieval of characters one at a time. masked has no effect when on is false. You are unlikely to need this method in the course of normal operations.

Get a password from STDIN, using buffered line input and displaying message as the prompt. No output will appear while the password is being typed. Hitting [Enter] completes password entry. If STDIN is not connected to a tty, no prompt will be displayed.

Get a password from STDIN in unbuffered mode, i.e. one key at a time. message will be displayed as the prompt and each key press with echo mask to the terminal. There is no need to hit [Enter] at the end.

Generate a memorable password of length characters, using phonemes that a human-being can easily remember. flags is one or more of Password::ONE_DIGIT and Password::ONE_CASE, logically OR‘ed together. For example:

 pw = Password.phonemic( 8, Password::ONE_DIGIT | Password::ONE_CASE )

This would generate an eight character password, containing a digit and an upper-case letter, such as Ug2shoth.

This method was inspired by the pwgen tool, written by Theodore Ts‘o.

Generated passwords may contain any of the characters in Password::PASSWD_CHARS.

Generate a random password of length characters. Unlike the Password.phonemic method, no attempt will be made to generate a memorable password. Generated passwords may contain any of the characters in Password::PASSWD_CHARS.

An alternative to Password.random. It uses the /dev/urandom device to generate passwords, returning nil on systems that do not implement the device. The passwords it generates may contain any of the characters in Password::PASSWD_CHARS, plus the additional characters + and /.

Public Instance methods


This interfaces to LibCrack to check the strength of the password. If dict is given, it is the path to the CrackLib dictionary, minus the file’s extension. For example, if the dictionary is located at /usr/lib/cracklib_dict.pwd, dict would be /usr/lib/cracklib_dict. If it is not given, the dictionary found at build time will be used.

If a path is given that does not lead to a legible dictionary, a Password::DictionaryError exception is raised. On success, true is returned. On failure, a Password::WeakPassword exception is raised.

Encrypt a password using type encryption. salt, if supplied, will be used to perturb the encryption algorithm and should be chosen from the Password::SALT_CHARS. If no salt is given, a randomly generated salt will be used.