MD5 password changes checksum when entered into database.
ProgrammingThis forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Distribution: Fedora, Debian, OpenSuSE and Android
Posts: 1,820
Rep:
MD5 password changes checksum when entered into database.
When we enter a password into our php/html form, and then submit it to Mysql via an UPDATE query with the value hashed by Md5, the checksum in the database is shorter and completely different than the Md5 checksum that we echo on the page for testing.
My question. If a field length is shorter than the checksum submitted to it, will MySQL alter it or is the change taking place somewhere along the way? Has anyone ever seen this before?
Distribution: Fedora, Debian, OpenSuSE and Android
Posts: 1,820
Original Poster
Rep:
The strange part is it doesn't appear to be truncated as one would expect, it is a completly different checksum. When queried and compared to the longer one they match. This gets more confusing by the minute.
static void MDString (string)
char *string;
{
MD_CTX context;
unsigned char digest[16];
unsigned int len = strlen (string);
MDInit (&context);
MDUpdate (&context, string, len);
MDFinal (digest, &context);
printf ("MD%d (\"%s\") = ", MD, string);
MDPrint (digest);
printf ("\n");
}
/* Prints a message digest in hexadecimal.
*/
static void MDPrint (digest)
unsigned char digest[16];
{
unsigned int i;
for (i = 0; i < 16; i++)
printf ("%02x", digest[i]);
}
unsigned char *digest[16];
Is the datatype - if you convert to signed accidentally you can have problems. Check your code and compiler defaults for signed/unsigned char
I'm assuming that you are using the RSA MD5 algorithm, probably written in C. If you have some other code that calls the RSA code, it may be changing datatypes - what I think is happening.
However, I'm guessing. What I think is happening: one flavor of characters is being seamlessly turned into another flavor of characters
How does the MD5 get generated? Then how do you get it (what datatype) from your php code? Do you do some operation like TO_CHAR() on the data?
Distribution: Fedora, Debian, OpenSuSE and Android
Posts: 1,820
Original Poster
Rep:
We are using whatever the latest version of PHP uses for Md5. We are setting a variable = Md5($password) and then using that to run an update query. We then query the database for the value of the field, which returns a 16 character Md5 checksum.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.