From 8314340384b99eb376ab0ead9ea144ee6a0cbe2f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tomasz=20Wr=C3=B3bel?=
Date: Fri, 15 Apr 2022 12:51:14 +0200
Subject: [PATCH] Base64 is not privacy

```
Base64.strict_decode64("InByaXZhdGUgbWVzc2FnZSI=--43fc83190b28daf8df04c0b86ff2976931a6dcd2".split("--").first)
#=> "\"private message\""
```
---
 ...2-25-my-favorite-activesupport-features.md | 27 ++++++++++++-------
 1 file changed, 17 insertions(+), 10 deletions(-)

diff --git a/posts/2015-02-25-my-favorite-activesupport-features.md b/posts/2015-02-25-my-favorite-activesupport-features.md
index 1c7748b6..d0389df8 100644
--- a/posts/2015-02-25-my-favorite-activesupport-features.md
+++ b/posts/2015-02-25-my-favorite-activesupport-features.md
@@ -286,19 +286,26 @@ You can use it to generate and verify signed messages
 
 ```ruby
 @verifier = ActiveSupport::MessageVerifier.new('s3Krit', serializer: JSON)
-@verifier.generate("private message")
-#=> "InByaXZhdGUgbWVzc2FnZSI=--43fc83190b28daf8df04c0b86ff2976931a6dcd2"
-@verifier.verify("InByaXZhdGUgbWVzc2FnZSI=--43fc83190b28daf8df04c0b86ff2976931a6dcd2")
-#=> "private message"
-
-@verifier.generate("a" => "private message")
-#=> "eyJhIjoicHJpdmF0ZSBtZXNzYWdlIn0=--b253af3e77622f743cf6804c870f4a95cbbd6f00"
-@verifier.verify("eyJhIjoicHJpdmF0ZSBtZXNzYWdlIn0=--b253af3e77622f743cf6804c870f4a95cbbd6f00")
-=> {"a"=>"private message"}
+@verifier.generate("signed message")
+#=> "InNpZ25lZCBtZXNzYWdlIg==--e31182c43a7c13fc8d9affe8c0ed5503f79cc861"
+@verifier.verify("InNpZ25lZCBtZXNzYWdlIg==--e31182c43a7c13fc8d9affe8c0ed5503f79cc861")
+#=> "signed message"
+
+@verifier.generate("a" => "signed message")
+#=> "eyJhIjoic2lnbmVkIG1lc3NhZ2UifQ==--f41b7c9e79e26e528975ee3630f2ad5b8b1267d9"
+@verifier.verify("eyJhIjoic2lnbmVkIG1lc3NhZ2UifQ==--f41b7c9e79e26e528975ee3630f2ad5b8b1267d9")
+=> {"a"=>"signed message"}
+```
+
+Mostly obvious: it's just a signed message, not an encrypted one. You can easily look up the data after it's decoded with Base64:
+
+```
+Base64.strict_decode64("InNpZ25lZCBtZXNzYWdlIg==--e31182c43a7c13fc8d9affe8c0ed5503f79cc861".split("--").first)
+#=> "\"signed message\""
 ```
 
 ## Summary
 
 That's it. You can browse entire ActiveSupport codebase quickly and easily at [github](https://github.com/rails/rails/tree/master/activesupport/lib/active_support)
 
-If you liked it, you may also enjoy [Hidden features of Ruby you may not know about](/2014/07/hidden-features-of-ruby-you-may-dont-know-about/)
\ No newline at end of file
+If you liked it, you may also enjoy [Hidden features of Ruby you may not know about](/2014/07/hidden-features-of-ruby-you-may-dont-know-about/)