Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

MessageDigest MD5 Algorithm not returning what I expect

Tags:

java

md5

Something in the back of my head is telling me I'm missing something obvious here.

I'm integrating an existing java project with a third-party api that uses an md5 hash of an api key for authentication. It's not working for me, and during debugging I realized that the hashes I'm generating don't match the examples that they've supplied. I've found some websites that create MD5 hashes from strings to check their examples, and as far as I can tell I'm wrong and they're right.

for example, according to this website, the string "hello" generates a hash of "5d41402abc4b2a76b9719d911017c592". (FWIW I don't know anything about this website except that it seems to correctly hash the examples that I have). When I run it through my code I get:

XUFAKrxLKna5cZ2REBfFkg==

Here is the simple method I'm using to generate the md5 hash/string.:

private String md5(String md5Me) throws Exception {
    MessageDigest md = MessageDigest.getInstance("MD5");
    md.reset();
    md.update(md5Me.getBytes("UTF-8"));

    return Base64.encodeBase64String(md.digest());
}

I used a very similar method to successfully authenticate a different API using the SHA1 algorithm last week. I'm wondering if the problem is related to the org.apache.commons.net.util.Base64.encodeBase64String... Any help is greatly appreciated, if only some tests to see if the byteArray is correct but the converted string is wrong.

like image 200
eric Avatar asked Nov 30 '12 19:11

eric

People also ask

What is the purpose of MD5 () function?

What is MD5 used for? MD5 is primarily used to authenticate files. It's much easier to use the MD5 hash to check a copy of a file against an original than to check bit by bit to see if the two copies match. MD5 was once used for data security and encryption, but these days its primary use is authentication.

How do you generate the MD5 hash of a string?

An MD5 hash is created by taking a string of an any length and encoding it into a 128-bit fingerprint. Encoding the same string using the MD5 algorithm will always result in the same 128-bit hash output.

How do MD5 checksums work?

An MD5 checksum is a very reliable way to verify data integrity. The MD5 algorithm takes a file of arbitrary length and produces a 128-bit fingerprint of characters and numbers form that file. It is proposed that it is computationally infeasible to produce two messages having the same output of numbers and characters.

Can MD5 still be used?

Valid Uses for MD5 Remain Despite breaches like those described above, MD5 can still be used for standard file verifications and as a checksum to verify data integrity, but only against unintentional corruption.

2 Answers

for example, according to this website, the string "hello" generates a hash of "5d41402abc4b2a76b9719d911017c592". (FWIW I don't know anything about this website except that it seems to correctly hash the examples that I have). When I run it through my code I get:

XUFAKrxLKna5cZ2REBfFkg==

Both are correct ways of representing the same sixteen-byte hash. 5d41402abc4b2a76b9719d911017c592 represents each byte of the hash as two hexadecimal digits, whereas XUFAKrxLKna5cZ2REBfFkg== uses Base-64 to represent every three bytes of the hash as four characters.

To generate the hexadecimal-version that this third-party API is expecting, you can change this:

Base64.encodeBase64String(md.digest());

to this:

String.format("%032x", new BigInteger(1, md.digest()));

(mostly taken from this StackOverflow answer).

However, you might want to consider using an external library for this. Perception, in a comment above, mentions Apache Commons DigestUtils. If you use that, you'll want the md5hex method.

like image 135
ruakh Avatar answered Nov 15 '22 16:11

ruakh

The md5 Hash algorithm is part of the core java API so there is no need for any external libraries. Here is the method I used to encrypt a password with MD5.

import java.security.MessageDigest;

/**
 * Use to encrypt passwords using MD5 algorithm
 * @param password should be a plain text password.
 * @return a hex String that results from encrypting the given password.
 */
public static String encryptPassword(String password) {
    try {
        MessageDigest md = MessageDigest.getInstance("MD5");
        md.update(password.getBytes());

        byte byteData[] = md.digest();

        StringBuffer hexString = new StringBuffer();
        for (int i=0;i<byteData.length;i++) {
            String hex=Integer.toHexString(0xff & byteData[i]);
            if(hex.length()==1) hexString.append('0');
            hexString.append(hex);
        }
        return hexString.toString();
    }
    catch(java.security.NoSuchAlgorithmException missing) {
        return "Error.";
    }
}
like image 22
Thorn Avatar answered Nov 15 '22 16:11

Thorn
Sign in to Comment

Related questions

How can I get a spring JdbcTemplate to read_uncommitted?
JDBC ResultSet Scroll Sensitive Type and Result Set Scroll Insensitive Type
UDP Hole Punching not possible with mobile provider
Why doesn't DirContext.close() return the LDAP connection to the pool?
Create multiple tables for one class in ORMLite
Jackson - serialize/deserialize property as JSON value
Does camel create a thread for each route
for each loop cannot initialize objects in array [duplicate]
Java 7 keytool Elliptic Curve Encryption
Bit Strings: checking if one bitstring is a subset of another
Method overriding in Java Inheritance
Java - Clone the property inside getter method
Java for-loop best practice
Alternatives to Java string interning
Java Reflection get the Instance from a Field
Varargs with null parameters in Java
Immutable class in java
Regexp to check if code contains non-UTF-8 characters?
SQLite encryption in java using Hibernate
How to Check if A Git Clone Has Been Done Already with JGit

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!