LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > Programming
User Name
Password
Programming This forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.

Notices

Reply
 
Search this Thread
Old 10-20-2003, 05:02 PM   #1
Pcghost
Senior Member
 
Registered: Feb 2003
Location: The Real Washington
Distribution: Ubuntu, Debian, SuSE, UnSlung, Android
Posts: 1,819

Rep: Reputation: 46
MD5 password changes checksum when entered into database.


When we enter a password into our php/html form, and then submit it to Mysql via an UPDATE query with the value hashed by Md5, the checksum in the database is shorter and completely different than the Md5 checksum that we echo on the page for testing.

My question. If a field length is shorter than the checksum submitted to it, will MySQL alter it or is the change taking place somewhere along the way? Has anyone ever seen this before?
 
Old 10-20-2003, 05:14 PM   #2
Kurt M. Weber
Member
 
Registered: Oct 2003
Distribution: Slackware
Posts: 335

Rep: Reputation: 31
If the field length is to small, the data will be truncated to fit.

Meaning the broken sum stored in the database is useless. You just need to lengthen the field.
 
Old 10-20-2003, 06:26 PM   #3
Pcghost
Senior Member
 
Registered: Feb 2003
Location: The Real Washington
Distribution: Ubuntu, Debian, SuSE, UnSlung, Android
Posts: 1,819

Original Poster
Rep: Reputation: 46
The strange part is it doesn't appear to be truncated as one would expect, it is a completly different checksum. When queried and compared to the longer one they match. This gets more confusing by the minute.
 
Old 10-21-2003, 09:02 AM   #4
jim mcnamara
Member
 
Registered: May 2002
Posts: 964

Rep: Reputation: 34
How did you define the column's datatype with the CREATE statement?
 
Old 10-21-2003, 10:13 AM   #5
Pcghost
Senior Member
 
Registered: Feb 2003
Location: The Real Washington
Distribution: Ubuntu, Debian, SuSE, UnSlung, Android
Posts: 1,819

Original Poster
Rep: Reputation: 46
It is a Varchar(16) field.
 
Old 10-21-2003, 11:04 AM   #6
jim mcnamara
Member
 
Registered: May 2002
Posts: 964

Rep: Reputation: 34
This is from RSA - part of a test suite for md5
Code:
static void MDString (string)
char *string;
{
  MD_CTX context;
  unsigned char digest[16];
  unsigned int len = strlen (string);

  MDInit (&context);
  MDUpdate (&context, string, len);
  MDFinal (digest, &context);

  printf ("MD%d (\"%s\") = ", MD, string);
  MDPrint (digest);
  printf ("\n");
}
/* Prints a message digest in hexadecimal.
 */
static void MDPrint (digest)
unsigned char digest[16];
{

  unsigned int i;

  for (i = 0; i < 16; i++)
 printf ("%02x", digest[i]);
}
unsigned char *digest[16];
Is the datatype - if you convert to signed accidentally you can have problems. Check your code and compiler defaults for signed/unsigned char
 
Old 10-21-2003, 11:37 AM   #7
Pcghost
Senior Member
 
Registered: Feb 2003
Location: The Real Washington
Distribution: Ubuntu, Debian, SuSE, UnSlung, Android
Posts: 1,819

Original Poster
Rep: Reputation: 46
Sorry you lost me. What does that mean in laymans terms?
 
Old 10-21-2003, 11:46 AM   #8
jim mcnamara
Member
 
Registered: May 2002
Posts: 964

Rep: Reputation: 34
I'm assuming that you are using the RSA MD5 algorithm, probably written in C. If you have some other code that calls the RSA code, it may be changing datatypes - what I think is happening.

However, I'm guessing. What I think is happening: one flavor of characters is being seamlessly turned into another flavor of characters

How does the MD5 get generated? Then how do you get it (what datatype) from your php code? Do you do some operation like TO_CHAR() on the data?
 
Old 10-21-2003, 11:48 AM   #9
jim mcnamara
Member
 
Registered: May 2002
Posts: 964

Rep: Reputation: 34
From your original question: Answer: Yes, the change is happening somewhere along the way. I think.
 
Old 10-21-2003, 12:31 PM   #10
Pcghost
Senior Member
 
Registered: Feb 2003
Location: The Real Washington
Distribution: Ubuntu, Debian, SuSE, UnSlung, Android
Posts: 1,819

Original Poster
Rep: Reputation: 46
We are using whatever the latest version of PHP uses for Md5. We are setting a variable = Md5($password) and then using that to run an update query. We then query the database for the value of the field, which returns a 16 character Md5 checksum.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
md5 checksum aruna Rawat Fedora - Installation 2 06-03-2005 10:59 AM
MD5 Checksum hitest Mandriva 7 05-21-2005 06:06 PM
Md5 Checksum dna9 Linux - Newbie 2 12-18-2004 11:11 PM
Fedora MD5 checksum LinuxLala Fedora 4 01-02-2004 02:52 AM
MD5 Checksum codedv Linux - Distributions 5 12-07-2003 08:28 AM


All times are GMT -5. The time now is 09:09 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration