Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Note: It's 2017 and if you're looking for a modern and actively maintained Ruby encryption library you should do yourself a favor and check out RbNaCl. Gibberish was started in 2011 when encryption on Ruby was not a trivial matter, however thanks to projects like NaCl and LibSodium that's no longer the case.
NOTICE: Breaking Changes in 2.0
Checkout the Changelog for a full list of changes in 2.0
Ruby 2.0 or later, compiled with OpenSSL support
gem install gibberish
AES encryption with sensible defaults:
cipher = Gibberish::AES.new('p4ssw0rd')
cipher.encrypt("some secret text")
# => Outputs a JSON string containing everything that needs to be saved for future decryption
# Example:
# '{"v":1,"adata":"","ks":256,"ct":"ay2varjSFUMUmtvZeh9755GVyCkWHG0/BglJLQ==","ts":96,"mode":"gcm",
# "cipher":"aes","iter":100000,"iv":"K4ZShCQGL3UZr78y","salt":"diDUzbc9Euo="}'
cipher = Gibberish::AES.new('p4ssw0rd')
cipher.decrypt('{"v":1,"adata":"","ks":256,"ct":"ay2varjSFUMUmtvZeh9755GVyCkWHG0/BglJLQ==","ts":96,"mode":"gcm","cipher":"aes","iter":100000,"iv":"K4ZShCQGL3UZr78y","salt":"diDUzbc9Euo="}')
# => "some secret text"
AES ciphertext from Gibberish is compatible with SJCL, a JavaScript library which works in the browser and Node.js
See the full docs for information on SJCL interoperability.
Prior to Gibberish 2.0, the default encryption mode was CBC. You can still access this by calling it explicitly:
cipher = Gibberish::AES::CBC.new('p4ssw0rd')
cipher.encrypt("Some secret text")
Gibberish::HMAC256("password", "data")
# => "cccf6f0334130a7010d62332c75b53e7d8cea715e52692b06e9cd41b05644be3"
Gibberish::MD5("somedata")
#=> aefaf7502d52994c3b01957636a3cdd2
Gibberish::SHA1("somedata")
#=> efaa311ae448a7374c122061bfed952d940e9e37
Gibberish::SHA224("somedata")
#=> a39b86d838273f5ff4879c26f85e3cb333bb44d73b24f275bad1a6c6
Gibberish::SHA256("somedata")
#=> 87d149cb424c0387656f211d2589fb5b1e16229921309e98588419ccca8a7362
Gibberish::SHA384("somedata")
#=> b6800736973cc061e3efb66a34f8bda8fa946804c6cc4f26a6b9b3950211078801709d0d82707c569a07c8f63c804c87
Gibberish::SHA512("somedata")
#=> a053441b6de662599ecb14c580d6637dcb856a66b2a40a952d39df772e47e98ea22f9e105b31463c5cf2472feae7649464fe89d99ceb6b0bc398a6926926f416
git clone https://github.com/mdp/gibberish.git
cd gibberish
make
make benchmark
# Change the PBKDF2 iterations
ITER=10000 make benchmark
FAQs
Unknown package
We found that gibberish demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.