Class: Net::IMAP::CramMD5Authenticator
| Relationships & Source Files | |
| Inherits: | Object |
| Defined in: | lib/net/imap/authenticators/cram_md5.rb |
Overview
Authenticator for the “CRAM-MD5” SASL mechanism, specified in RFC2195. See #authenticate.
Deprecated
CRAM-MD5 is obsolete and insecure. It is included for compatibility with existing servers. draft-ietf-sasl-crammd5-to-historic recommends using SCRAM-* or PLAIN protected by TLS instead.
Additionally, RFC8314 discourage the use of cleartext and recommends TLS version 1.2 or greater be used for all traffic. With TLS CRAM-MD5 is okay, but so is PLAIN
Class Method Summary
- .new(user, password, warn_deprecation: true, **_ignored) ⇒ CramMD5Authenticator constructor private
Instance Method Summary
Constructor Details
.new(user, password, warn_deprecation: true, **_ignored) ⇒ CramMD5Authenticator (private)
# File 'lib/net/imap/authenticators/cram_md5.rb', line 24
def initialize(user, password, warn_deprecation: true, **_ignored) if warn_deprecation warn "WARNING: CRAM-MD5 mechanism is deprecated." # TODO: recommend SCRAM end require "digest/md5" @user = user @password = password end
Instance Method Details
#hmac_md5(text, key) (private)
[ GitHub ]# File 'lib/net/imap/authenticators/cram_md5.rb', line 33
def hmac_md5(text, key) if key.length > 64 key = Digest::MD5.digest(key) end k_ipad = key + "\0" * (64 - key.length) k_opad = key + "\0" * (64 - key.length) for i in 0..63 k_ipad[i] = (k_ipad[i].ord ^ 0x36).chr k_opad[i] = (k_opad[i].ord ^ 0x5c).chr end digest = Digest::MD5.digest(k_ipad + text) return Digest::MD5.hexdigest(k_opad + digest) end
#process(challenge)
[ GitHub ]# File 'lib/net/imap/authenticators/cram_md5.rb', line 17
def process(challenge) digest = hmac_md5(challenge, @password) return @user + " " + digest end