Thread: md5 strips arbitrary 0

  1. #1

    kfcSmitty (Thread Starter)

    Hi guys, I've been working with some people and they needed a basic md5 encryption of a number (plus a salt) to authenticate our users with their system.

    So I quickly Googled md5 encryptions in java and I got the below code

    java Code:
        String sessionid = valueSentIn + "saltvalue";

        byte[] defaultBytes = sessionid.getBytes();
        MessageDigest algorithm = MessageDigest.getInstance("MD5");
        algorithm.reset();
        algorithm.update(defaultBytes);
        byte messageDigest[] = algorithm.digest();

        StringBuffer hexString = new StringBuffer();
        for (int i = 0; i < messageDigest.length; i++) {
            hexString.append(Integer.toHexString(0xFF & messageDigest[i]));
        }

        return hexString.toString();

    The above code works about 50% of the time. The other 50% of the time, it trims out a random 0 somewhere in the output. The 0 can be anywhere and I wasn't able to find anything on Googling the error.

    The representative I talked to (I had assumed the error was on their end, and the information was missing from their system) had mentioned that Java had a flaw with md5 that they knew about. The code they proposed I use is below.

    java Code:
        String sessionid = valueSentIn + "saltvalue";
        MessageDigest md;
        md = MessageDigest.getInstance("MD5");
        md.update(sessionid.getBytes());
        return convertToHex(md.digest());


    java Code:
        public static String convertToHex(byte[] data) {
            StringBuffer buf = new StringBuffer();
            for (int i = 0; i < data.length; i++) {
                int halfbyte = (data[i] >>> 4) & 0x0F;
                int two_halfs = 0;
                do {
                    if ((0 <= halfbyte) && (halfbyte <= 9))
                        buf.append((char) ('0' + halfbyte));
                    else
                        buf.append((char) ('a' + (halfbyte - 10)));
                    halfbyte = data[i] & 0x0F;
                } while (two_halfs++ < 1);
            }
            return buf.toString();
        }

    The only thing I can find that is different is that the 2nd set of code seems to be looking for a "halfbyte."

    I was hoping someone here could explain to me, in a little more detail:

    #1 why the first code stripped out the random value
    and
    #2 what the major difference between the code is

    Any information at all would be extremely helpful.
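
Added example (not part of the original post or of either party's code): the first snippet's `Integer.toHexString` call writes a single digit for any byte below 0x10, which is where the zero goes, while a fixed-width encoding always writes two. The class name `HexPaddingDemo`, the helper names and the counter inputs are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

public class HexPaddingDemo {
    // Encoding used by the first snippet: toHexString() emits "a" for 0x0a, not "0a".
    static String unpaddedHex(byte[] data) {
        StringBuilder sb = new StringBuilder();
        for (byte b : data) sb.append(Integer.toHexString(0xFF & b));
        return sb.toString();
    }

    // Fixed-width encoding: always two hex digits per byte.
    static String paddedHex(byte[] data) {
        StringBuilder sb = new StringBuilder(data.length * 2);
        for (byte b : data) sb.append(String.format("%02x", b & 0xFF));
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        MessageDigest md = MessageDigest.getInstance("MD5");
        int shortened = 0, total = 1000;
        boolean shown = false;
        for (int i = 0; i < total; i++) {
            // Constructed inputs: a counter plus the thread's placeholder salt.
            String input = i + "saltvalue";
            byte[] digest = md.digest(input.getBytes(StandardCharsets.UTF_8));
            String bad = unpaddedHex(digest), good = paddedHex(digest);
            if (bad.length() != good.length()) {
                shortened++;
                if (!shown) {
                    shown = true;
                    System.out.println("input    : " + input);
                    System.out.println("unpadded : " + bad + " (" + bad.length() + " chars)");
                    System.out.println("padded   : " + good + " (" + good.length() + " chars)");
                }
            }
        }
        // Each of the 16 digest bytes has a 1/16 chance of being below 0x10,
        // so the expected share of shortened digests is 1 - (15/16)^16, about 64%.
        System.out.println(shortened + " of " + total + " digests lost at least one zero");

        // The unpadded form is also ambiguous: two different byte strings, one output.
        byte[] a = {0x01, 0x23}, b = {0x12, 0x03};
        System.out.println(unpaddedHex(a) + " == " + unpaddedHex(b)
                + " but " + paddedHex(a) + " != " + paddedHex(b));
    }
}
```

Because the unpadded form maps different digests to the same string, both sides of an authentication check should compare fixed-width hex (or the raw bytes).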

  2. #2
    ComputerJy
