Solved

MD5 hash differs in Java and PHP

Posted on 2007-12-06
9
5,375 Views
Last Modified: 2008-03-19
I really need halp getting the Java MD5 and PHP MD5 yield the same result.

In PHP I simply use thins: md5($string);

In Java I use this:
try {
                  
                  //get
                  hash = snStr+authStr;
                  byte defaultBytes[] = hash.getBytes();
                  MessageDigest algorithm = MessageDigest.getInstance("MD5");
                  algorithm.reset();
                  algorithm.update(defaultBytes);
                  byte messageDigest[] = algorithm.digest();

                  StringBuffer hexString = new StringBuffer();
                  for (byte aMessageDigest : messageDigest) {
                    // We need to pad small values with an extra zero: http://forum.de.selfhtml.org/archiv/2005/10/t117779/
                    int val = 0xff & aMessageDigest;
                    if (val < 16)
                      hexString.append("0");
                    hexString.append(Integer.toHexString(val));
                  }
                  hash = hexString.toString();
            } catch (NoSuchAlgorithmException nsae) {
                  nsae.printStackTrace();
            }


I have also tried withouth the padding.

The even more strange thing is that for short strings the two MD5:s are the same but if the string to be hashed are longer than around 10 chars I will get two different results

Thank you very much for your help!
0
Comment
Question by:andtor
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
  • 2
  • +1
9 Comments
 
LVL 86

Accepted Solution

by:
CEHJ earned 84 total points
ID: 20418711
Try
String hash = new java.math.BigInteger(1, messageDigest).toString(16);

Open in new window

0
 
LVL 9

Assisted Solution

by:arioh
arioh earned 83 total points
ID: 20418873
take a look at 2nd comment at http://ru2.php.net/manual/en/function.md5.php
0
 
LVL 86

Expert Comment

by:CEHJ
ID: 20420333
Make sure that the same character encoding is being used in each case. hash.getBytes() will use the encoding of System.getProperty("file.encoding");
0
When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

 
LVL 92

Assisted Solution

by:objects
objects earned 83 total points
ID: 20424080
0
 

Author Comment

by:andtor
ID: 20440416
CEHJ: that yields exactly the same output. When I try System.getProperty("file.encoding"); I get Cp1252 back.

The problem is that the php side is already complete and will not be changed. I can see that MD5(string) has been used and not MD5(string, true). So I really need to make the Java side to create the same output as the php does. Any suggstions on how to do this?


0
 
LVL 92

Expert Comment

by:objects
ID: 20440439
did u try the code i posted?

> byte defaultBytes[] = hash.getBytes();

also try changing that to:

byte defaultBytes[] = hash.getBytes("UTF8");
0
 
LVL 86

Expert Comment

by:CEHJ
ID: 20440509
Can we have some side-by-side examples of input/output on both please
0
 

Author Comment

by:andtor
ID: 20440540
Hello. Have got access to the php code now and can see that the php programmer did not actually follow the specification (did not make all chars to lowercase bfore md5...) Sorry to have bothereed u with this, was extremely painfull to sort out the bug when I could not see the php code.

Please divide the points equally to the once that tried to help me.
0
 
LVL 86

Expert Comment

by:CEHJ
ID: 20440644
>>Please divide the points equally to the once that tried to help me.

You'll have to do that i'm afraid ;-)
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
There are many Password Managers (PM) out there to choose from. PM's can help with your password habits and routines, but they should not be a crutch you rely on too heavily. I also have an article for company/enterprise PM's.
This tutorial will introduce the viewer to VisualVM for the Java platform application. This video explains an example program and covers the Overview, Monitor, and Heap Dump tabs.
Viewers will learn how to properly install Eclipse with the necessary JDK, and will take a look at an introductory Java program. Download Eclipse installation zip file: Extract files from zip file: Download and install JDK 8: Open Eclipse and …
Suggested Courses

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question