Java Forum / Security / August 2003

MD5 digest length 16 bytes or not?

Albretch - 18 Aug 2003 03:43 GMT
I am using mysql.

As defined by RSA DSI in RFC 1321

http://www.cis.ohio-state.edu/cgi-bin/rfc/rfc1321.html

..'The algorithm takes as input a message of arbitrary length and
produces as output a 128-bit "fingerprint" or "message digest" of the
input.'

Why is it then that when I use a statement like:

USE testdb;

INSERT INTO people (name, pass) VALUES('joe', MD5('yojoenotyoyo'));

being the field 'pass' defined as VARCHAR(32), the whole field is
filled, even though last time I checked 128 bits are 16 bytes?

Roedy Green - 18 Aug 2003 07:47 GMT
>being the field 'pass' defined as VARCHAR(32), the whole field is
>filled, even though last time I checked 128 bits are 16 bytes?

What is MD5 producing, a BigInteger, a byte array? Presumably it is
getting converted to characters in some way, perhaps base64, hex, each
byte -> 1 16-bit char??

--
Canadian Mind Products, Roedy Green.
Coaching, problem solving, economical contract programming.
See http://mindprod.com/jgloss/jgloss.html for The Java Glossary.

Albretch - 18 Aug 2003 14:11 GMT
You were absolutely right!

From:

http://www.mysql.com/doc/en/Miscellaneous_functions.html

MD5(string)
Calculates an MD5 128 bit checksum for the string. The value is
returned as a 32 digit hex number that may, for example, be used as a
hash key:
mysql> SELECT MD5("testing");
       -> 'ae2b1fca515949e5d54fb22b8ed95575'

What I found confusing was: If mysql can internally handle binary
data such as BLOBs and MD5 is supposed to be a one way method anyway
(and also the fact that we are talking here about security data) why
is it translated to text and stored as such?

Forcing Tomcat to keep/handle more data while tracking users?

> >being the field 'pass' defined as VARCHAR(32), the whole field is
> >filled, even though last time I checked 128 bits are 16 bytes?
>
> What is MD5 producing, a BigInteger, a byte array? Presumably it is
> getting converted to characters in some way, perhaps base64, hex, each
> byte -> 1 16-bit char??

Roedy Green - 18 Aug 2003 22:34 GMT
>If mysql can internally handle binary
>data such as BLOBs and MD5 is supposed to be a one way method anyway
>(and also the fact that we are talking here about security data) why
>is it translated to text and stored as such?

The catch is SQL was originally envisioned as strings of ASCII
sentences going back and forth.  This allowed platform independence in
days when computer architectures could not decide on 1 vs 2
complement, how big a BYTE was etc.

Now we are gradually trying to retrofit binary into SQL.

The ASCII limitation adds complication and overhead packing and
unpacking.

At some point we need to invent a BSQL that is designed primarily
around binary. Instead of ASCII sentences it would use arrays of
tokens for queries. Result set rows would appear as objects.  
Setter methods on the objects would track changes to the fields
automatically.  Thus an update could be handled with a simple .update
command, that would send back just the fields that had changed.
Alternatively, it might work by keeping an old and new version of the
row object.

For these simple row objects, there could be a more streamlined
serialisation protocol that did not need to specify the types of
fields, just the raw data.  The receiver knows precisely what is
coming.

--
Canadian Mind Products, Roedy Green.
Coaching, problem solving, economical contract programming.
See http://mindprod.com/jgloss/jgloss.html for The Java Glossary.
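
As an added illustration (not code from any poster in this thread), the Java class below computes the MD5 digest of the "testing" input from the MySQL manual excerpt quoted above and shows the same 16 bytes in the hex and base64 encodings Roedy Green mentions, then decodes the hex form back to the raw bytes. The class and method names are made up for this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;

public class Md5Encodings {

    // Raw MD5 output: always 16 bytes (128 bits), whatever the input length.
    static byte[] md5(String s) throws NoSuchAlgorithmException {
        return MessageDigest.getInstance("MD5").digest(s.getBytes(StandardCharsets.UTF_8));
    }

    // Two hex digits per byte: the 32-character form MySQL's MD5() returns.
    static String toHex(byte[] raw) {
        StringBuilder sb = new StringBuilder(raw.length * 2);
        for (byte b : raw) {
            sb.append(Character.forDigit((b >> 4) & 0xF, 16));
            sb.append(Character.forDigit(b & 0xF, 16));
        }
        return sb.toString();
    }

    // Inverse of toHex: recovers the 16 raw bytes a binary column would hold.
    static byte[] fromHex(String hex) {
        if (hex.length() % 2 != 0) throw new IllegalArgumentException("odd-length hex string");
        byte[] out = new byte[hex.length() / 2];
        for (int i = 0; i < out.length; i++) {
            int hi = Character.digit(hex.charAt(2 * i), 16);
            int lo = Character.digit(hex.charAt(2 * i + 1), 16);
            if (hi < 0 || lo < 0) throw new IllegalArgumentException("non-hex character");
            out[i] = (byte) ((hi << 4) | lo);
        }
        return out;
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        byte[] raw = md5("testing"); // same input as the MySQL manual example in the thread
        String hex = toHex(raw);
        String b64 = Base64.getEncoder().encodeToString(raw);
        System.out.println("raw bytes : " + raw.length);
        System.out.println("hex       : " + hex + " (" + hex.length() + " chars)");
        System.out.println("base64    : " + b64 + " (" + b64.length() + " chars)");
        // Hex and raw forms carry the same 128 bits; decoding gives the digest back.
        System.out.println("round trip: " + MessageDigest.isEqual(raw, fromHex(hex)));
    }
}
```

The choice between a 16-byte binary column and a 32-character text column changes only the storage size; both hold the same 128 bits, so the text form is neither more nor less secure. Neither encoding makes unsalted MD5 an adequate password hash.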
