By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
424,987 Members | 971 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 424,987 IT Pros & Developers. It's quick & easy.

Simple MD5 Hash - Different output on different OS

P: n/a
Hi All,

Should an md5 hash of the same string output the same hash on Windows
and Unix?

I downloaded md5.c from http://www.advogato.org/article/830.html and
compiled it on windows via cygwin and compiled it on Solaris 10.

Windows/Cygwin
$ ./md5.exe -s password
5f4dcc3b5aa765d61d8327deb882cf99

Solaris
bash-3.00$ ./md5 -s password
a4d85586adcf1688d921e38312c7e437

Thanks for your time
Kind regards
Danny
Nov 20 '08 #1
Share this Question
Share on Google+
10 Replies


P: n/a
On 20 Nov, 10:16, Smurff <danny.kell...@gmail.comwrote:
Hi All,

Should an md5 hash of the same string output the same hash on Windows
and Unix?

I downloaded md5.c fromhttp://www.advogato.org/article/830.htmland
compiled it on windows via cygwin and compiled it on Solaris 10.

Windows/Cygwin
$ ./md5.exe -s password
5f4dcc3b5aa765d61d8327deb882cf99

Solaris
bash-3.00$ ./md5 -s password
a4d85586adcf1688d921e38312c7e437

Thanks for your time
Kind regards
Danny
It certainly should.. A quick perusal of the webpage reveals that md5 -
t runs a self test, try this and see which version fails!
Nov 20 '08 #2

P: n/a
On Nov 20, 11:48*am, SozzlyJoe <capcl...@gmail.comwrote:
On 20 Nov, 10:16, Smurff <danny.kell...@gmail.comwrote:


Hi All,
Should an md5 hash of the same string output the same hash on Windows
and Unix?
I downloaded md5.c fromhttp://www.advogato.org/article/830.htmland
compiled it on windows via cygwin and compiled it on Solaris 10.
Windows/Cygwin
$ ./md5.exe -s password
5f4dcc3b5aa765d61d8327deb882cf99
Solaris
bash-3.00$ ./md5 -s password
a4d85586adcf1688d921e38312c7e437
Thanks for your time
Kind regards
Danny

It certainly should.. A quick perusal of the webpage reveals that md5 -
t runs a self test, try this and see which version fails!- Hide quoted text -

- Show quoted text -
Thanks for the reply. You were right, the test on cygwin did infact
complete ok but on solaris I recieved this:

d41d8cd98f00b204e9800998ecf8427e << Expected Hash Value
227b7f48d21283f63bc9bbc15b44ea1a << Actual Hash Value
Self Test Failed
md5:007:Test Failure.
Do you believe it is because of this actual implementation and / or
should I look at using something like OpenSSL? Its just that this chap
made this very easy for me :)

Thank you again for your time
Kind regards
Danny
Nov 20 '08 #3

P: n/a
On 20 Nov, 12:02, Smurff <danny.kell...@gmail.comwrote:
On Nov 20, 11:48*am, SozzlyJoe <capcl...@gmail.comwrote:
Do you believe it is because of this actual implementation and / or
should I look at using something like OpenSSL? Its just that this chap
made this very easy for me :)
Not sure, to be honest. What compiler are you using on Solaris? Try
turning on all the warnings and look for anything suspicious.
If your compiler is not gcc, try using that instead.

Nov 20 '08 #4

P: n/a
Smurff wrote:
Hi All,

Should an md5 hash of the same string output the same hash on Windows
and Unix?

I downloaded md5.c from http://www.advogato.org/article/830.html and
compiled it on windows via cygwin and compiled it on Solaris 10.

Windows/Cygwin
$ ./md5.exe -s password
5f4dcc3b5aa765d61d8327deb882cf99

Solaris
bash-3.00$ ./md5 -s password
a4d85586adcf1688d921e38312c7e437

Thanks for your time
The author of the code seems to have been unaware of
"endianness," that is, that different computers arrange
the individual bytes of multi-byte integers in different
ways. He seems also to have been unaware that `unsigned
long' might not be exactly four bytes. In short, you're
dealing with code that makes non-portable assumptions.

--
Eric Sosman
es*****@ieee-dot-org.invalid
Nov 20 '08 #5

P: n/a
On Nov 20, 10:16*am, Smurff <danny.kell...@gmail.comwrote:
Hi All,

Should an md5 hash of the same string output the same hash on Windows
and Unix?

I downloaded md5.c fromhttp://www.advogato.org/article/830.htmland
compiled it on windows via cygwin and compiled it on Solaris 10.
<snip>

Out of interest I did the same and got the same problem. It worked on
a 32-bit system and failed on a 64 bit system. When I changed the
typedef for mULONG from 'unsigned long' to 'unsigned' the program (in
self test mode, -t option) started working on the 64 bit system,
where, incidentally, sizeof(unsigned) == 4 and sizeof(unsigned long)
== 8. I assume it is something about the program, md5, or both, that
requires 32 bit unsigned quantities. The code has a TRANSFORM macro
that suggests as much.

regards,
Stijn
Nov 20 '08 #6

P: n/a
Smurff wrote:
>
I downloaded md5.c from http://www.advogato.org/article/830.html and
compiled it on windows via cygwin and compiled it on Solaris 10.
The code at the link relies critically on the endiannes of the hardware
it is run on. It should work fine on any little-endian hardware, like
x86, but will not work correctly on any big-endian hardware, like Sun.
This is what you observe in your experiments.

They use 'memcpy' to transfer data from the input 'mUCHAR' buffer to the
internal MD5 buffer and then just re-interpret the latter as an 'mULONG'
array for further processing. This can't work as in on a big-endian system.

--
Best regards,
Andrey Tarasevich
Nov 20 '08 #7

P: n/a
Smurff <da***********@gmail.comwrites:
On Nov 20, 11:48*am, SozzlyJoe <capcl...@gmail.comwrote:
>On 20 Nov, 10:16, Smurff <danny.kell...@gmail.comwrote:


Hi All,
Should an md5 hash of the same string output the same hash on Windows
and Unix?
I downloaded md5.c fromhttp://www.advogato.org/article/830.htmland
compiled it on windows via cygwin and compiled it on Solaris 10.
Windows/Cygwin
$ ./md5.exe -s password
5f4dcc3b5aa765d61d8327deb882cf99
Solaris
bash-3.00$ ./md5 -s password
a4d85586adcf1688d921e38312c7e437
Thanks for your time
Kind regards
Danny

It certainly should.. A quick perusal of the webpage reveals that md5 -
t runs a self test, try this and see which version fails!- Hide quoted text -

- Show quoted text -

Thanks for the reply. You were right, the test on cygwin did infact
complete ok but on solaris I recieved this:

d41d8cd98f00b204e9800998ecf8427e << Expected Hash Value
227b7f48d21283f63bc9bbc15b44ea1a << Actual Hash Value
Self Test Failed
md5:007:Test Failure.
Do you believe it is because of this actual implementation and / or
should I look at using something like OpenSSL? Its just that this chap
made this very easy for me :)
It looks like that implementation is buggy, or at best, non-portable.
You shouldn't have too much trouble finding a better one. OpenSSL
probably has a good one, but there should also be standalone
implementations.

Note that if you have a choice, you might be better off using something
like SHA256. MD5 has some known weaknesses.
Nov 20 '08 #8

P: n/a
Nate Eldredge <na**@vulcan.lanwrites:
Smurff <da***********@gmail.comwrites:
>On Nov 20, 11:48*am, SozzlyJoe <capcl...@gmail.comwrote:
>>On 20 Nov, 10:16, Smurff <danny.kell...@gmail.comwrote:
Should an md5 hash of the same string output the same hash on Windows
and Unix?

I downloaded md5.c fromhttp://www.advogato.org/article/830.htmland
compiled it on windows via cygwin and compiled it on Solaris 10.

Windows/Cygwin
$ ./md5.exe -s password
5f4dcc3b5aa765d61d8327deb882cf99

Solaris
bash-3.00$ ./md5 -s password
a4d85586adcf1688d921e38312c7e437
[...]
It looks like that implementation is buggy, or at best, non-portable.
You shouldn't have too much trouble finding a better one. OpenSSL
probably has a good one, but there should also be standalone
implementations.

Note that if you have a choice, you might be better off using something
like SHA256. MD5 has some known weaknesses.
<OT>
Both Cygwin and Solaris have their own "md5sum" command; it doesn't
have the "-s" option, but it's easy enough to do the same thing.
</OT>

--
Keith Thompson (The_Other_Keith) ks***@mib.org <http://www.ghoti.net/~kst>
Nokia
"We must do something. This is something. Therefore, we must do this."
-- Antony Jay and Jonathan Lynn, "Yes Minister"
Nov 20 '08 #9

P: n/a
All,

Thanks for all your comments. The author of the code is in contact
with me and I am happy to test any of his code on my sparc box. In the
mean time I am looking at OpenSSL. There is a lot there and no where
as easy to understand. Im not the greatest programmer :)

If anyone has any links to a standalone version as the one in this
thread then I would be very greatful.

Thanks again guys and have a great weekend
Danny
Nov 21 '08 #10

P: n/a
Smurff <da***********@gmail.comwrites:
Thanks for all your comments. The author of the code is in contact
with me and I am happy to test any of his code on my sparc box. In the
mean time I am looking at OpenSSL. There is a lot there and no where
as easy to understand. Im not the greatest programmer :)

If anyone has any links to a standalone version as the one in this
thread then I would be very greatful.
As I've already mentioned in this thread, there's an "md5sum" command
in both Cygwin and Solaris. A version is part of the GNU coretuils
package.

--
Keith Thompson (The_Other_Keith) ks***@mib.org <http://www.ghoti.net/~kst>
Nokia
"We must do something. This is something. Therefore, we must do this."
-- Antony Jay and Jonathan Lynn, "Yes Minister"
Nov 21 '08 #11

This discussion thread is closed

Replies have been disabled for this discussion.