I am writing a basic password cracker for the MD5 hashing scheme against a Linux /etc/shadow file. When I use commons.codec's `DigestUtils` or `Crypt` libraries, the hash lengths for them are different (among other things).

When I use `Crypt.crypt(passwordtohash, "$1$jhe937$")` the output is a 22-character string. When I use `DigestUtils.md5[Hex](passwordtohash + "jhe937")` (or the Java `MessageDigest` class) the output is a 32-character string (after it is converted). This makes no sense to me.

Aside: there is no easy way to convert `DigestUtils.md5(passwordtohash)`'s `byte[]` to a String. I've tried all* ways and get non-valid output: nz_èjÓ_µù[î¬y

*All being: `new String(byte[], "UTF-8")`, and converting to char and then to String.

The executive summary is that while they'll perform the same hashing, the output format is different between the 2, so the lengths are different. Read on for details.

MD5 is a message digesting algorithm that produces a 16-byte hash value (assuming valid input, etc.). Those bytes aren't printable characters; each of the bytes can take any value 0-255, while the printable characters in ASCII are in the range 32-126.

`DigestUtils.md5(String)` generates the MD5 of the string and returns a 16-element byte array. `DigestUtils.md5Hex(String)` is a convenience wrapper (I'm assuming, I haven't looked at the source, but that's how I'd write it :-) ) around `DigestUtils.md5` that takes the 16-element byte array MD5 produces and base16 encodes it (also known as hex encoding). That replaces each byte with the equivalent 2 hex characters, which is why you get a 32-character string out of it.

`Crypt.crypt` uses a special format that goes back to the original Unix method of storing passwords. It's been extended over the years to use different hash/encryption algorithms, longer salts, and additional features. It also encodes its output as printable text, which is where the length difference is coming from. By using a salt of "$1$...", you're saying to use MD5, so the password plus salt will be hashed using MD5, resulting in 16 bytes as expected, but because those bytes aren't printable, the hash is base64 encoded (using a different alphabet than the standard base64 encoding), which replaces 3 bytes with 4 printable characters. So 16 bytes becomes 16 / 3 * 4 = 21-1/3 characters, rounded up to 22.

On the aside, `DigestUtils.md5` produces 16 bytes, where the bytes can have any value 0 to 255 and are (effectively) random. `new String(byte[], "UTF-8")` says the bytes in the byte array are a UTF-8 encoding, which is a specific format. `new String` then does its best to treat the bytes as a UTF-8 encoded string, but because they're not, you get gibberish out. If you want something printable, you'll have to use something that takes random bytes, not bytes in a specific format (like UTF-8). The 2 popular options are base16/hex encoding, which you can get with `DigestUtils.md5Hex`, or base64, which you can get with `Base64.encodeBase64String(DigestUtils.md5(pwd + salt))`.
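
The length arithmetic from the answer above, as an added example that is not part of the original post: one 16-byte MD5 digest rendered as hex, in the crypt alphabet, and as a UTF-8 decode. It uses only JDK classes rather than commons-codec; the class name, helper names and sample password are constructed for illustration. The byte ordering in `crypt64` is simplified, so it shows the 22-character length but not the string `Crypt.crypt` returns (the real `$1$` scheme also iterates MD5 many times and reorders the digest bytes).

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;

public class DigestEncodings {
    // Alphabet used by crypt(3)-style hashes; differs from standard base64.
    static final String CRYPT64 =
        "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

    // Base16: every byte becomes two hex characters.
    static String hex(byte[] in) {
        StringBuilder sb = new StringBuilder(in.length * 2);
        for (byte b : in) sb.append(String.format("%02x", b & 0xff));
        return sb.toString();
    }

    // 6 bits per output character, low bits first, no '=' padding.
    // Simplified byte order: illustrates the length, not md5crypt itself.
    static String crypt64(byte[] in) {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < in.length; i += 3) {
            int left = Math.min(3, in.length - i);
            int v = 0;
            for (int j = 0; j < left; j++) v |= (in[i + j] & 0xff) << (8 * j);
            // 1 byte -> 2 chars, 2 bytes -> 3 chars, 3 bytes -> 4 chars
            for (int k = 0; k <= left; k++) {
                sb.append(CRYPT64.charAt(v & 0x3f));
                v >>>= 6;
            }
        }
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input, not taken from the post.
        byte[] input = "example-password".getBytes(StandardCharsets.UTF_8);
        byte[] digest = MessageDigest.getInstance("MD5").digest(input);

        System.out.println("raw bytes     : " + digest.length);
        System.out.println("hex chars     : " + hex(digest).length());
        System.out.println("crypt64 chars : " + crypt64(digest).length());

        // Decoding arbitrary bytes as UTF-8 is lossy: invalid sequences
        // become U+FFFD, so the digest generally cannot be recovered.
        String asText = new String(digest, StandardCharsets.UTF_8);
        byte[] back = asText.getBytes(StandardCharsets.UTF_8);
        System.out.println("UTF-8 round trip intact: " + Arrays.equals(digest, back));
    }
}
```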