Hi guys, I've been working with some people and they needed a basic md5 encryption of a number (plus a salt) to authenticate our users with their system.

So I quickly Googled md5 encryptions in Java and I got the below code.

java Code:
    String sessionid = valueSentIn + "saltvalue";

    byte[] defaultBytes = sessionid.getBytes();
    MessageDigest algorithm = MessageDigest.getInstance("MD5");
    algorithm.reset();
    algorithm.update(defaultBytes);
    byte messageDigest[] = algorithm.digest();

    StringBuffer hexString = new StringBuffer();
    for (int i = 0; i < messageDigest.length; i++) {
        hexString.append(Integer.toHexString(0xFF & messageDigest[i]));
    }

    return hexString.toString();

The above code works about 50% of the time. The other 50% of the time, it trims out a random 0 somewhere in the output. The 0 can be anywhere and I wasn't able to find anything on Googling the error.

The representative I talked to (I had assumed the error was on their end, and the information was missing from their system) had mentioned that Java had a flaw with md5 that they knew about. The code they proposed I use is below.

java Code:
    String sessionid = valueSentIn + "saltvalue";
    MessageDigest md;
    md = MessageDigest.getInstance("MD5");
    md.update(sessionid.getBytes());
    return convertToHex(md.digest());


java Code:
    public static String convertToHex(byte[] data) {
        StringBuffer buf = new StringBuffer();
        for (int i = 0; i < data.length; i++) {
            int halfbyte = (data[i] >>> 4) & 0x0F;
            int two_halfs = 0;
            do {
                if ((0 <= halfbyte) && (halfbyte <= 9))
                    buf.append((char) ('0' + halfbyte));
                else
                    buf.append((char) ('a' + (halfbyte - 10)));
                halfbyte = data[i] & 0x0F;
            } while (two_halfs++ < 1);
        }
        return buf.toString();
    }

The only thing I can find that is different is that the 2nd set of code seems to be looking for a "halfbyte."

I was hoping someone here could explain to me, in a little more detail:

#1 why the first code stripped out the random value
and
#2 what the major difference between the code is

Any information at all would be extremely helpful.
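
Added example, not part of the original post or the representative's code: Integer.toHexString returns a single digit for any byte value below 0x10, so the first snippet loses one zero per such byte, and two different byte strings can then encode to the same text. The class name HexPaddingDemo, the helpers lossyHex and paddedHex, and all sample inputs are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

public class HexPaddingDemo {
    // Encoder from the first snippet: toHexString(0x0A) yields "a", not "0a",
    // so every byte below 0x10 contributes one character instead of two.
    static String lossyHex(byte[] data) {
        StringBuilder sb = new StringBuilder();
        for (byte b : data) {
            sb.append(Integer.toHexString(0xFF & b));
        }
        return sb.toString();
    }

    // Fixed-width encoder: always two hex digits per byte (high nibble, then
    // low nibble), which is what convertToHex does with its "halfbyte" loop.
    static String paddedHex(byte[] data) {
        StringBuilder sb = new StringBuilder(data.length * 2);
        for (byte b : data) {
            sb.append(Character.forDigit((b >> 4) & 0x0F, 16));
            sb.append(Character.forDigit(b & 0x0F, 16));
        }
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed pair: different bytes, identical lossy encoding.
        byte[] a = {0x01, 0x23};
        byte[] b = {0x12, 0x03};
        System.out.println("lossy:  " + lossyHex(a) + " / " + lossyHex(b));
        System.out.println("padded: " + paddedHex(a) + " / " + paddedHex(b));

        // Constructed inputs: count MD5 digests whose lossy encoding is
        // shorter than the expected 32 hex characters.
        MessageDigest md = MessageDigest.getInstance("MD5");
        int shortened = 0;
        int total = 1000;
        for (int i = 0; i < total; i++) {
            byte[] d = md.digest((i + "saltvalue").getBytes(StandardCharsets.UTF_8));
            if (lossyHex(d).length() != 32) {
                shortened++;
            }
        }
        System.out.println(shortened + " of " + total + " digests shortened");
    }
}
```

Because the lossy encoding is not one-to-one, a string comparison on its output can accept a digest that differs from the expected one, so the receiving side should check for exactly 32 hex characters before comparing.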