Will Java MessageDigest generate a different MD5 hash on different JDK versions?

3

9

I am using Java MessageDigest to create an MD5 hash, which is used for authentication. The MD5 hash is stored in the database as varchar2. I did a test to create a user on my Tomcat server on my local laptop. When I deployed the WAR to the test Tomcat server on Red Hat Linux, the authentication failed because the hash did not match. I checked the user name and password: they are all correct. Both web servers point to the same database.

I suspect the hash generated on my local laptop is different from the one generated by the test server. Am I right?

Below is the code with which I generated the hash.

public static String getMD5Hash(String str) throws Exception
{
    MessageDigest md = MessageDigest.getInstance("MD5");

    md.update(str.getBytes());
    return new String(md.digest());
}

The String returned will be saved in the database table, which is defined below

create table authen(
   passport varchar2(50),
   constraint pk_au primary key (passport) USING INDEX TABLESPACE xxxxxxx
);

Here is the java version output on my laptop

C:\Users\XXXX>java -version
java version "1.6.0_25"
Java(TM) SE Runtime Environment (build 1.6.0_25-b06)
Java HotSpot(TM) Client VM (build 20.0-b11, mixed mode, sharing)

Here is the java version output on the redhat server

[xxxxxx@xxxxxxxxx ~]$ java -version
java version "1.6.0_20"
Java(TM) SE Runtime Environment (build 1.6.0_20-b02)
Java HotSpot(TM) Client VM (build 16.3-b01, mixed mode, sharing)
Lampkin answered 3/8, 2011 at 15:3 Comment(2)
"I suspect the hash generated on my local laptop is different from the one generated by the test server. Am I right?" No, you are not. - Cancer
If it really is different, this would be an important bug in the implementation. Show your code, then we can help you find the reason. - Frontispiece
7

It's possible that you are using the default character set to generate the bytes you are passing into the MD5.digest() method and that character set is different between your laptop and server.

That could be a reason why you are seeing different results. Otherwise, it's not possible for it to generate different results.

For example:

byte[] bytesOfMessage = tempStr.getBytes("UTF-8"); // Maybe you're not using a charset here
MessageDigest md5 = MessageDigest.getInstance("MD5");
byte[] theDigest = md5.digest(bytesOfMessage);
Careycarfare answered 3/8, 2011 at 15:13 Comment(1)
You can use Charset.defaultCharset().toString() to find out which character set is the default on each machine. See this question for more info. - Fairbanks
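
The charset dependence described in this answer, as an added example that is not part of the original answer or question: it makes the platform default an explicit parameter and also covers the second default-charset step in the question's code, `new String(md.digest())`. The `windows-1252` and `UTF-8` defaults, the class and method names, and the sample password are assumptions made for illustration.

```java
import java.nio.charset.Charset;
import java.security.MessageDigest;

public class Md5CharsetDemo {

    // The question's approach, with the platform default charset passed in explicitly.
    static String md5AsRawString(String input, Charset platformDefault) throws Exception {
        MessageDigest md = MessageDigest.getInstance("MD5");
        md.update(input.getBytes(platformDefault));      // step 1: charset-dependent encoding
        return new String(md.digest(), platformDefault); // step 2: raw digest bytes decoded as text
    }

    // Portable variant: fixed input encoding, digest rendered as 32 hex characters.
    static String md5AsHex(String input) throws Exception {
        MessageDigest md = MessageDigest.getInstance("MD5");
        byte[] digest = md.digest(input.getBytes("UTF-8"));
        StringBuilder hex = new StringBuilder(digest.length * 2);
        for (byte b : digest) {
            hex.append(String.format("%02x", b & 0xff));
        }
        return hex.toString();
    }

    public static void main(String[] args) throws Exception {
        Charset laptop = Charset.forName("windows-1252"); // assumed laptop default
        Charset server = Charset.forName("UTF-8");        // assumed server default
        String password = "abc";                          // constructed sample, ASCII only

        String onLaptop = md5AsRawString(password, laptop);
        String onServer = md5AsRawString(password, server);
        // For ASCII input step 1 yields the same bytes under both charsets, so the
        // digests are identical; the strings differ because step 2 decodes the
        // 16 digest bytes (several are >= 0x80) under different charsets.
        System.out.println("raw strings equal: " + onLaptop.equals(onServer));
        System.out.println("laptop chars: " + onLaptop.length()
                + ", server chars: " + onServer.length());

        // The hex form depends on no platform setting and is plain ASCII,
        // so it round-trips through a varchar2 column unchanged.
        System.out.println("hex: " + md5AsHex(password));
    }
}
```

Hashes already stored as raw strings cannot be reliably converted, because decoding the digest bytes is lossy; affected users have to be re-enrolled with the hex form.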
3

Only if you feed different data into the MD5 digest. One way to do that by accident would be to feed in hashCode values.

There is only one MD5 algorithm, and it will produce the same result everywhere on the same input.

Absquatulate answered 3/8, 2011 at 15:11 Comment(0)
0

Check whether your hash is salted. Salting means that the password is concatenated to another string, to increase hashing security (to undo the effect of rainbow tables).

It may be the case that your database hashes are salted: hence the difference between your (unsalted or wrongly salted) MD5 hashes.

Every same input to the MD5 algorithm results in the same hash. That's the point of any hashing algorithm.

Birdt answered 3/8, 2011 at 15:12 Comment(0)
