I'm attempting to import scrypted hashes generated by Ruby's scrypt into Firebase.
Ruby's scrypt doesn't define (that I can tell) what its output is. It looks like this:
[1] pry(main)> SCrypt::Password.create("somepassword")
=> "400$8$3a$a5063a5e21eb268f$4e93e29c3511a6e44900c251a11dc4f6db17cfc7f5ae0272a4b6179804474037"
Firebase, on the other hand, expects several inputs described here. They are:
- hash-key (required)
- salt-separator (optional)
- rounds (required)
- mem-cost (required)
- password hash (required)
- password salt (required)
So, how do I map from the scrypted hash to those inputs?
Digging in a bit, if you add a debugger and output this thing then you can see the salt is part of SCrypt::Password's output:
[1] pry(main)> hashed_password = SCrypt::Password.create('somepassword')
400$8$37$7be9f9deb4e3b1ea
=> "400$8$37$7be9f9deb4e3b1ea$8f9d51c642c4a40341613093bde6935cccc7d6af379eedfe900476f3bec6fbde"
[2] pry(main)> split = hashed_password.split('$')
=> ["400", "8", "37", "7be9f9deb4e3b1ea", "8f9d51c642c4a40341613093bde6935cccc7d6af379eedfe900476f3bec6fbde"]
# salt
[3] pry(main)> split[0,4].join('$')
=> "400$8$37$7be9f9deb4e3b1ea"
But we're still missing a few things. IMO, the 'hash-key' is the biggest question mark. Scrypt (the gem) doesn't get initialized anywhere - so there's no key stored specific to my application. It also doesn't appear to be part of the hashed output - so it's not stored with that either. That said, Firebase expects it as a command line arg, which implies it's re-used for every password, and thus some kind of global setting. Those don't seem to add up.
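Added example, not part of the original question and not code from the scrypt gem or Firebase: it splits the `N$r$p$salt$hash` string into named fields and recomputes the hash with Ruby's standard `OpenSSL::KDF.scrypt` from only those fields and the password. It assumes the three cost fields are hexadecimal, the salt field is hex for the raw salt bytes, and the derived key length equals the stored hash length; the helper names are hypothetical, and the sample string is the first one shown in the question.

```ruby
require 'openssl'

# Fields of an SCrypt::Password string: "N$r$p$salt$hash".
ScryptFields = Struct.new(:n, :r, :p, :salt_hex, :hash_hex)

# Split the string and decode the cost parameters.
# Assumption: N, r and p are hexadecimal, so "400" is 1024 and "3a" is 58.
def parse_scrypt_password(str)
  parts = str.split('$')
  raise ArgumentError, 'expected 5 $-separated fields' unless parts.length == 5
  parts.each do |field|
    raise ArgumentError, "non-hex field: #{field.inspect}" unless field.match?(/\A\h+\z/)
  end
  n, r, par = parts[0, 3].map { |v| v.to_i(16) }
  raise ArgumentError, 'N must be a power of two greater than 1' unless n > 1 && (n & (n - 1)).zero?
  ScryptFields.new(n, r, par, parts[3], parts[4])
end

# Recompute the hash with plain scrypt from the parsed fields only.
# Assumption: the salt field hex-decodes to the raw salt bytes, and the
# derived key length is the byte length of the stored hash.
def recompute_hash(password, fields)
  OpenSSL::KDF.scrypt(password,
                      salt: [fields.salt_hex].pack('H*'),
                      N: fields.n, r: fields.r, p: fields.p,
                      length: fields.hash_hex.length / 2).unpack1('H*')
end

# Compare two strings without stopping at the first differing byte.
def constant_time_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

def password_matches?(password, stored)
  fields = parse_scrypt_password(stored)
  constant_time_equal?(recompute_hash(password, fields), fields.hash_hex.downcase)
end

if __FILE__ == $PROGRAM_NAME
  # Sample string copied from the question above.
  stored = '400$8$3a$a5063a5e21eb268f$4e93e29c3511a6e44900c251a11dc4f6db17cfc7f5ae0272a4b6179804474037'
  f = parse_scrypt_password(stored)
  puts "N=#{f.n} r=#{f.r} p=#{f.p} salt=#{f.salt_hex} key_len=#{f.hash_hex.length / 2}"
  puts "matches 'somepassword': #{password_matches?('somepassword', stored)}"
end
```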