Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > C Programming > Simple MD5 Hash - Different output on different OS

Reply
Thread Tools

Simple MD5 Hash - Different output on different OS

 
 
Smurff
Guest
Posts: n/a
 
      11-20-2008
Hi All,

Should an md5 hash of the same string output the same hash on Windows
and Unix?

I downloaded md5.c from http://www.advogato.org/article/830.html and
compiled it on windows via cygwin and compiled it on Solaris 10.

Windows/Cygwin
$ ./md5.exe -s password
5f4dcc3b5aa765d61d8327deb882cf99

Solaris
bash-3.00$ ./md5 -s password
a4d85586adcf1688d921e38312c7e437

Thanks for your time
Kind regards
Danny
 
Reply With Quote
 
 
 
 
SozzlyJoe
Guest
Posts: n/a
 
      11-20-2008
On 20 Nov, 10:16, Smurff <(E-Mail Removed)> wrote:
> Hi All,
>
> Should an md5 hash of the same string output the same hash on Windows
> and Unix?
>
> I downloaded md5.c fromhttp://www.advogato.org/article/830.htmland
> compiled it on windows via cygwin and compiled it on Solaris 10.
>
> Windows/Cygwin
> $ ./md5.exe -s password
> 5f4dcc3b5aa765d61d8327deb882cf99
>
> Solaris
> bash-3.00$ ./md5 -s password
> a4d85586adcf1688d921e38312c7e437
>
> Thanks for your time
> Kind regards
> Danny


It certainly should.. A quick perusal of the webpage reveals that md5 -
t runs a self test, try this and see which version fails!
 
Reply With Quote
 
 
 
 
Smurff
Guest
Posts: n/a
 
      11-20-2008
On Nov 20, 11:48*am, SozzlyJoe <(E-Mail Removed)> wrote:
> On 20 Nov, 10:16, Smurff <(E-Mail Removed)> wrote:
>
>
>
>
>
> > Hi All,

>
> > Should an md5 hash of the same string output the same hash on Windows
> > and Unix?

>
> > I downloaded md5.c fromhttp://www.advogato.org/article/830.htmland
> > compiled it on windows via cygwin and compiled it on Solaris 10.

>
> > Windows/Cygwin
> > $ ./md5.exe -s password
> > 5f4dcc3b5aa765d61d8327deb882cf99

>
> > Solaris
> > bash-3.00$ ./md5 -s password
> > a4d85586adcf1688d921e38312c7e437

>
> > Thanks for your time
> > Kind regards
> > Danny

>
> It certainly should.. A quick perusal of the webpage reveals that md5 -
> t runs a self test, try this and see which version fails!- Hide quoted text -
>
> - Show quoted text -


Thanks for the reply. You were right, the test on cygwin did infact
complete ok but on solaris I recieved this:

d41d8cd98f00b204e9800998ecf8427e << Expected Hash Value
227b7f48d21283f63bc9bbc15b44ea1a << Actual Hash Value
Self Test Failed
md5:007:Test Failure.


Do you believe it is because of this actual implementation and / or
should I look at using something like OpenSSL? Its just that this chap
made this very easy for me

Thank you again for your time
Kind regards
Danny
 
Reply With Quote
 
SozzlyJoe
Guest
Posts: n/a
 
      11-20-2008
On 20 Nov, 12:02, Smurff <(E-Mail Removed)> wrote:
> On Nov 20, 11:48*am, SozzlyJoe <(E-Mail Removed)> wrote:


> Do you believe it is because of this actual implementation and / or
> should I look at using something like OpenSSL? Its just that this chap
> made this very easy for me


Not sure, to be honest. What compiler are you using on Solaris? Try
turning on all the warnings and look for anything suspicious.
If your compiler is not gcc, try using that instead.

 
Reply With Quote
 
Eric Sosman
Guest
Posts: n/a
 
      11-20-2008
Smurff wrote:
> Hi All,
>
> Should an md5 hash of the same string output the same hash on Windows
> and Unix?
>
> I downloaded md5.c from http://www.advogato.org/article/830.html and
> compiled it on windows via cygwin and compiled it on Solaris 10.
>
> Windows/Cygwin
> $ ./md5.exe -s password
> 5f4dcc3b5aa765d61d8327deb882cf99
>
> Solaris
> bash-3.00$ ./md5 -s password
> a4d85586adcf1688d921e38312c7e437
>
> Thanks for your time


The author of the code seems to have been unaware of
"endianness," that is, that different computers arrange
the individual bytes of multi-byte integers in different
ways. He seems also to have been unaware that `unsigned
long' might not be exactly four bytes. In short, you're
dealing with code that makes non-portable assumptions.

--
Eric Sosman
http://www.velocityreviews.com/forums/(E-Mail Removed)lid
 
Reply With Quote
 
micans@gmail.com
Guest
Posts: n/a
 
      11-20-2008
On Nov 20, 10:16*am, Smurff <(E-Mail Removed)> wrote:
> Hi All,
>
> Should an md5 hash of the same string output the same hash on Windows
> and Unix?
>
> I downloaded md5.c fromhttp://www.advogato.org/article/830.htmland
> compiled it on windows via cygwin and compiled it on Solaris 10.

<snip>

Out of interest I did the same and got the same problem. It worked on
a 32-bit system and failed on a 64 bit system. When I changed the
typedef for mULONG from 'unsigned long' to 'unsigned' the program (in
self test mode, -t option) started working on the 64 bit system,
where, incidentally, sizeof(unsigned) == 4 and sizeof(unsigned long)
== 8. I assume it is something about the program, md5, or both, that
requires 32 bit unsigned quantities. The code has a TRANSFORM macro
that suggests as much.

regards,
Stijn
 
Reply With Quote
 
Andrey Tarasevich
Guest
Posts: n/a
 
      11-20-2008
Smurff wrote:
>
> I downloaded md5.c from http://www.advogato.org/article/830.html and
> compiled it on windows via cygwin and compiled it on Solaris 10.
>


The code at the link relies critically on the endiannes of the hardware
it is run on. It should work fine on any little-endian hardware, like
x86, but will not work correctly on any big-endian hardware, like Sun.
This is what you observe in your experiments.

They use 'memcpy' to transfer data from the input 'mUCHAR' buffer to the
internal MD5 buffer and then just re-interpret the latter as an 'mULONG'
array for further processing. This can't work as in on a big-endian system.

--
Best regards,
Andrey Tarasevich
 
Reply With Quote
 
Nate Eldredge
Guest
Posts: n/a
 
      11-20-2008
Smurff <(E-Mail Removed)> writes:

> On Nov 20, 11:48*am, SozzlyJoe <(E-Mail Removed)> wrote:
>> On 20 Nov, 10:16, Smurff <(E-Mail Removed)> wrote:
>>
>>
>>
>>
>>
>> > Hi All,

>>
>> > Should an md5 hash of the same string output the same hash on Windows
>> > and Unix?

>>
>> > I downloaded md5.c fromhttp://www.advogato.org/article/830.htmland
>> > compiled it on windows via cygwin and compiled it on Solaris 10.

>>
>> > Windows/Cygwin
>> > $ ./md5.exe -s password
>> > 5f4dcc3b5aa765d61d8327deb882cf99

>>
>> > Solaris
>> > bash-3.00$ ./md5 -s password
>> > a4d85586adcf1688d921e38312c7e437

>>
>> > Thanks for your time
>> > Kind regards
>> > Danny

>>
>> It certainly should.. A quick perusal of the webpage reveals that md5 -
>> t runs a self test, try this and see which version fails!- Hide quoted text -
>>
>> - Show quoted text -

>
> Thanks for the reply. You were right, the test on cygwin did infact
> complete ok but on solaris I recieved this:
>
> d41d8cd98f00b204e9800998ecf8427e << Expected Hash Value
> 227b7f48d21283f63bc9bbc15b44ea1a << Actual Hash Value
> Self Test Failed
> md5:007:Test Failure.
>
>
> Do you believe it is because of this actual implementation and / or
> should I look at using something like OpenSSL? Its just that this chap
> made this very easy for me


It looks like that implementation is buggy, or at best, non-portable.
You shouldn't have too much trouble finding a better one. OpenSSL
probably has a good one, but there should also be standalone
implementations.

Note that if you have a choice, you might be better off using something
like SHA256. MD5 has some known weaknesses.
 
Reply With Quote
 
Keith Thompson
Guest
Posts: n/a
 
      11-20-2008
Nate Eldredge <(E-Mail Removed)> writes:
> Smurff <(E-Mail Removed)> writes:
>> On Nov 20, 11:48*am, SozzlyJoe <(E-Mail Removed)> wrote:
>>> On 20 Nov, 10:16, Smurff <(E-Mail Removed)> wrote:
>>> > Should an md5 hash of the same string output the same hash on Windows
>>> > and Unix?
>>>
>>> > I downloaded md5.c fromhttp://www.advogato.org/article/830.htmland
>>> > compiled it on windows via cygwin and compiled it on Solaris 10.
>>>
>>> > Windows/Cygwin
>>> > $ ./md5.exe -s password
>>> > 5f4dcc3b5aa765d61d8327deb882cf99
>>>
>>> > Solaris
>>> > bash-3.00$ ./md5 -s password
>>> > a4d85586adcf1688d921e38312c7e437

[...]
> It looks like that implementation is buggy, or at best, non-portable.
> You shouldn't have too much trouble finding a better one. OpenSSL
> probably has a good one, but there should also be standalone
> implementations.
>
> Note that if you have a choice, you might be better off using something
> like SHA256. MD5 has some known weaknesses.


<OT>
Both Cygwin and Solaris have their own "md5sum" command; it doesn't
have the "-s" option, but it's easy enough to do the same thing.
</OT>

--
Keith Thompson (The_Other_Keith) (E-Mail Removed) <http://www.ghoti.net/~kst>
Nokia
"We must do something. This is something. Therefore, we must do this."
-- Antony Jay and Jonathan Lynn, "Yes Minister"
 
Reply With Quote
 
Smurff
Guest
Posts: n/a
 
      11-21-2008
All,

Thanks for all your comments. The author of the code is in contact
with me and I am happy to test any of his code on my sparc box. In the
mean time I am looking at OpenSSL. There is a lot there and no where
as easy to understand. Im not the greatest programmer

If anyone has any links to a standalone version as the one in this
thread then I would be very greatful.

Thanks again guys and have a great weekend
Danny
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
hash of hash of hash of hash in c++ rp C++ 1 11-10-2011 04:45 PM
create a md5 / md5 passwd with a salt Peter Woodsky Ruby 6 11-21-2008 09:08 AM
Hash#select returns an array but Hash#reject returns a hash... Srijayanth Sridhar Ruby 19 07-02-2008 12:49 PM
md5 from python different then md5 from command line ursache.marius@gmail.com Python 9 05-07-2006 11:49 PM
I remember someone asking about an MD5 javascript: http://pajhome.org.uk/crypt/md5/ Mozzie \( v \) Javascript 0 07-12-2004 01:06 PM



Advertisments