
Java Forum / Security / April 2004


MD5 in Java

toffe - 05 Apr 2004 18:29 GMT
Hi all,

using the following code I get "acbd18db4cc2f85cedef654fccc4a4d8" printed.

    try  {
        String password = "foo";
        MessageDigest md = MessageDigest.getInstance( "MD5" );
        md.update( password.getBytes() );
        BigInteger hash = new BigInteger( 1, md.digest() );
        String hpassword = hash.toString( 16 );
        System.out.println(hpassword);
    }

    catch(NoSuchAlgorithmException ns)  {
        ns.printStackTrace();
    }

Using md5sum version 5.2.0 on my Linux box I get "d3b0..." as md5 hash
for "foo".

What am I missing?
The getBytes() from the String returns a correct value (no Unicode problems)

Thanks,
toffe
Roedy Green - 05 Apr 2004 20:39 GMT
>What am I missing?

Try dumping password as bytes in both cases.

Perhaps you are using some exotic character that is getting translated
to byte differently in each case.

--
Canadian Mind Products, Roedy Green.
Coaching, problem solving, economical contract programming.
See http://mindprod.com/jgloss/jgloss.html for The Java Glossary.
Roedy Green - 05 Apr 2004 20:41 GMT
>Try dumping password as bytes in both cases.
>
>Perhaps you are using some exotic character that is getting translated
>to byte differently in each case.

I just noticed that you set password to "foo". Hardly exotic. There is
still a translation though, that is set to a variable default
encoding.

--
Canadian Mind Products, Roedy Green.
Coaching, problem solving, economical contract programming.
See http://mindprod.com/jgloss/jgloss.html for The Java Glossary.
Roedy Green - 05 Apr 2004 20:48 GMT
>The getBytes() from the String returns a correct value (no Unicode problems)

just to be sure, make this minor mod to your program:

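import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.math.BigInteger;

public class MD5Test
  {
  /**
   * test MD5 digest
   *
   * @param args not used
   */
  public static void main ( String[] args )
     {

     try
        {
        String password = "foo";
        MessageDigest md = MessageDigest.getInstance( "MD5" );
        // explicit encoding instead of the platform default
        md.update( password.getBytes( "8859_1" ) );
        BigInteger hash = new BigInteger( 1, md.digest() );
        // note: toString( 16 ) drops any leading zeros of the digest
        String hpassword = hash.toString( 16 );
        System.out.println(hpassword);
        }

     catch ( NoSuchAlgorithmException ns )
        {
        ns.printStackTrace();
        }
     catch ( UnsupportedEncodingException ue )
        {
        // getBytes( String ) declares this checked exception
        ue.printStackTrace();
        }
     }
  }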

--
Canadian Mind Products, Roedy Green.
Coaching, problem solving, economical contract programming.
See http://mindprod.com/jgloss/jgloss.html for The Java Glossary.
toffe - 05 Apr 2004 21:38 GMT
> just to be sure, make this minor mod to your program:
>
>          md.update( password.getBytes( "8859_1" ) );

Same as before.
What to do?

-toffe
Roedy Green - 05 Apr 2004 21:48 GMT
>Same as before.
>What to do?

Are these both the same release of Java?  Perhaps there was a bug or a
change in the definition?

Try a longer string.  Perhaps the problem only shows up with short
strings -- they may pad differently.

I'm not sure, but likely BouncyCastle has an MD5 implementation.  You
have the advantage that the exact same code would be used on both
platforms.

See http://mindprod.com/jgloss/bouncycastle.html

--
Canadian Mind Products, Roedy Green.
Coaching, problem solving, economical contract programming.
See http://mindprod.com/jgloss/jgloss.html for The Java Glossary.
Michel Gallant - 05 Apr 2004 21:54 GMT
D3 B0 73 84 D1 13 ED EC 49 EA A6 23 8A D5 FF 00
is an MD5 hash of "foo<lf>"
so your Linux implementation is simply adding an extra 0x0A byte
to the data that actually gets hashed.

Here is a useful tool I wrote to quickly sort out these types of problems,
including issues with UNICODE encoded data:
  http://www.jensign.com/JavaScience/www/messagedigest

(there is a JavaPlugin version of above, but the signature verification fails due to
some "leaf" verification issues introduced in later versions of 1.4.x)

- Mitch Gallant

> Hi all,
>
[quoted text clipped - 21 lines]
> Thanks,
> toffe
nobody - 06 Apr 2004 01:15 GMT
> using the following code I get "acbd18db4cc2f85cedef654fccc4a4d8" printed.

<snip>

> Using md5sum version 5.2.0 on my Linux box I get "d3b0..." as md5 hash
> for "foo".
>
> What am I missing?

The file containing "foo" that you're running md5sum against has a
carriage return at the end.  Change the code to:

String password = "foo\n";

and it prints:

d3b07384d113edec49eaa6238ad5ff00
Michael Amling - 06 Apr 2004 04:37 GMT
> Hi all,
>
> using the following code I get "acbd18db4cc2f85cedef654fccc4a4d8" printed.

  This is indeed the MD5 hash of "foo".

>     try  {
>         String password = "foo";
[quoted text clipped - 11 lines]
> Using md5sum version 5.2.0 on my Linux box I get "d3b0..." as md5 hash
> for "foo".

  The MD5 hash of "foo\n" is D3B07384 D113EDEC 49EAA623 8AD5FF00.
If you did something like

   echo foo|md5sum

then try something like

   echo -n foo|md5sum

--Mike Amling
toffe - 06 Apr 2004 10:09 GMT
>> using the following code I get "acbd18db4cc2f85cedef654fccc4a4d8"
>> printed.
>
>   This is indeed the MD5 hash of "foo".

>   The MD5 hash of "foo\n" is D3B07384 D113EDEC 49EAA623 8AD5FF00.
> If you did something like
>
> --Mike Amling

Thanks to all of you!
Me being stupid again!

-toffe
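
The diagnosis reached in this thread can be automated. The following is an added example, not code from any poster: it hashes the same text under several encodings and line endings and reports which variant produces a given digest. The class name `DigestMismatchFinder` and the method `explain` are hypothetical, and the inputs in `main` are the two digests quoted in the thread.

```java
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.LinkedHashMap;
import java.util.Map;

public class DigestMismatchFinder {
    // Hex-encode with two digits per byte; BigInteger.toString(16) would drop leading zeros.
    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) {
            sb.append(String.format("%02x", b & 0xff));
        }
        return sb.toString();
    }

    static String md5Hex(byte[] data) throws NoSuchAlgorithmException {
        return hex(MessageDigest.getInstance("MD5").digest(data));
    }

    // Describes the first encoding/line-ending variant whose MD5 starts with the
    // expected hex prefix (spaces and case ignored), or returns null if none matches.
    static String explain(String text, String expectedHexPrefix) throws NoSuchAlgorithmException {
        Map<String, String> endings = new LinkedHashMap<>();
        endings.put("no line ending", "");
        endings.put("trailing LF", "\n");
        endings.put("trailing CRLF", "\r\n");
        Charset[] charsets = { StandardCharsets.ISO_8859_1, StandardCharsets.UTF_8, StandardCharsets.UTF_16LE };
        String want = expectedHexPrefix.replace(" ", "").toLowerCase();
        for (Charset cs : charsets) {
            for (Map.Entry<String, String> e : endings.entrySet()) {
                byte[] data = (text + e.getValue()).getBytes(cs);
                String digest = md5Hex(data);
                if (digest.startsWith(want)) {
                    return cs.name() + ", " + e.getKey() + ": bytes=" + hex(data) + " md5=" + digest;
                }
            }
        }
        return null;
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // The two digests quoted in the thread for "foo".
        System.out.println(explain("foo", "acbd18db4cc2f85cedef654fccc4a4d8"));
        System.out.println(explain("foo", "D3B07384 D113EDEC 49EAA623 8AD5FF00"));
    }
}
```

Printing the hashed bytes next to the digest makes the extra 0x0A visible, which is the "dump the bytes in both cases" check suggested earlier in the thread.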

