class Net::IMAP::CramMD5Authenticator
Authenticator for the “CRAM-MD5
” SASL mechanism, specified in RFC2195. See Net::IMAP#authenticate
.
Deprecated¶ ↑
CRAM-MD5
is obsolete and insecure. It is included for compatibility with existing servers. draft-ietf-sasl-crammd5-to-historic recommends using SCRAM-*
or PLAIN
protected by TLS instead.
Additionally, RFC8314 discourage the use of cleartext and recommends TLS version 1.2 or greater be used for all traffic. With TLS CRAM-MD5
is okay, but so is PLAIN
Public Class Methods
new(user, password, warn_deprecation: true, **_ignored)
click to toggle source
# File net-imap-0.3.4/lib/net/imap/authenticators/cram_md5.rb, line 24 def initialize(user, password, warn_deprecation: true, **_ignored) if warn_deprecation warn "WARNING: CRAM-MD5 mechanism is deprecated." # TODO: recommend SCRAM end require "digest/md5" @user = user @password = password end
Public Instance Methods
process(challenge)
click to toggle source
# File net-imap-0.3.4/lib/net/imap/authenticators/cram_md5.rb, line 17 def process(challenge) digest = hmac_md5(challenge, @password) return @user + " " + digest end
Private Instance Methods
hmac_md5(text, key)
click to toggle source
# File net-imap-0.3.4/lib/net/imap/authenticators/cram_md5.rb, line 33 def hmac_md5(text, key) if key.length > 64 key = Digest::MD5.digest(key) end k_ipad = key + "\0" * (64 - key.length) k_opad = key + "\0" * (64 - key.length) for i in 0..63 k_ipad[i] = (k_ipad[i].ord ^ 0x36).chr k_opad[i] = (k_opad[i].ord ^ 0x5c).chr end digest = Digest::MD5.digest(k_ipad + text) return Digest::MD5.hexdigest(k_opad + digest) end