Does MD5 work cross-platform?

I'm trying to store user passwords in a MySQL database. I learned the
hard way that using MySQL "DECODE" and "ENCODE" doesn't seem to work
cross-platform, but if I encrypt on the server side with PHP's md5
function, will it work cross-platform (or cross-processor?)

Thank you for any advice
Nov 23 '07 #1
Acrobatic wrote:
> I'm trying to store user passwords in a MySQL database. I learned the
> hard way that using MySQL "DECODE" and "ENCODE" doesn't seem to work
> cross-platform, but if I encrypt on the server side with PHP's md5
> function, will it work cross-platform (or cross-processor?)
>
> Thank you for any advice

It should be cross platform, as far as I know.
Nov 23 '07 #2
On Fri, 23 Nov 2007 16:47:23 +0100, Acrobatic <jb****@gmail.com> wrote:
> I'm trying to store user passwords in a MySQL database. I learned the
> hard way that using MySQL "DECODE" and "ENCODE" doesn't seem to work
> cross-platform, but if I encrypt on the server side with PHP's md5
> function, will it work cross-platform (or cross-processor?)

md5 should even be cross-language/script. A Perl md5 = a PHP md5 = a MySQL
md5 = a JAVA md5.

You can't decrypt/decode it though (well, at least not practically).
--
Rik Wasmus
Nov 23 '07 #3
Rik Wasmus emailed this:
> On Fri, 23 Nov 2007 16:47:23 +0100, Acrobatic <jb****@gmail.com> wrote:
>> I'm trying to store user passwords in a MySQL database. I learned the
>> hard way that using MySQL "DECODE" and "ENCODE" doesn't seem to work
>> cross-platform, but if I encrypt on the server side with PHP's md5
>> function, will it work cross-platform (or cross-processor?)
>
> md5 should even be cross-language/script. A Perl md5 = a PHP md5 = a
> MySQL md5 = a JAVA md5.

Yes. MD5 is a standard hash function, unless all software implementations
of MD5 provide exactly the same result, its use is pretty much pointless.
The only reason why one version of MD5 could give a different result from
another is if one of them has not implemented the algorithm correctly, in
which case it is not an implementation of MD5 at all but is a flawed
variation of it.

More Info.:
http://en.wikipedia.org/wiki/Md5
Nov 23 '07 #4
On Nov 23, 8:47 am, Acrobatic <jbn...@gmail.com> wrote:
> I'm trying to store user passwords in a MySQL database. I learned the
> hard way that using MySQL "DECODE" and "ENCODE" doesn't seem to work
> cross-platform, but if I encrypt on the server side with PHP's md5
> function, will it work cross-platform (or cross-processor?)
>
> Thank you for any advice

Not exactly your question, but an often useful tidbit none-the-less:

On a linux server, if you want to generate an md5hash
from the command line, that would duplicate what would also
be generated from php, you have to remember to echo -n
(print to the console without a newline at the end of your string).
I do this, for instance, when manually adding new users into
an authentication database.

`echo -n obama` produces the same hash as md5("obama") in php.

`echo obama` does not......
Nov 23 '07 #5
On Nov 23, 11:47 am, salmobytes <Sandy.Pittendr...@gmail.com> wrote:
> On Nov 23, 8:47 am, Acrobatic <jbn...@gmail.com> wrote:
>> I'm trying to store user passwords in a MySQL database. I learned the
>> hard way that using MySQL "DECODE" and "ENCODE" doesn't seem to work
>> cross-platform, but if I encrypt on the server side with PHP's md5
>> function, will it work cross-platform (or cross-processor?)
>> Thank you for any advice
>
> Not exactly your question, but an often useful tidbit none-the-less:
>
> On a linux server, if you want to generate an md5hash
> from the command line, that would duplicate what would also
> be generated from php, you have to remember to echo -n
> (print to the console without a newline at the end of your string).
> I do this, for instance, when manually adding new users into
> an authentication database.
>
> `echo -n obama` produces the same hash as md5("obama") in php.
>
> `echo obama` does not......

echo -n obama | md5sum that is
Nov 23 '07 #6
Matthew wrote:
> Yes. MD5 is a standard hash function, unless all software implementations
> of MD5 provide exactly the same result, its use is pretty much pointless.
> The only reason why one version of MD5 could give a different result from
> another is if one of them has not implemented the algorithm correctly, in
> which case it is not an implementation of MD5 at all but is a flawed
> variation of it.

Well, in a language that uses null-terminated strings, a case could be
made for or against including the null in the hash's input string. This
could lead to two possible results for one input.

Also, although it's customary to hex-encode the output of an MD5 hash (as
PHP's md5() function does), it could be shown in decimal, octal or some
other base, in which case, although the result would be the same, it would
*look* very different, and a simple string comparison would class them as
different. Also even with hex-encoded MD5s, you need to make sure that the
comparison is case-insensitive.

--
Toby A Inkster BSc (Hons) ARCS
[Geek of HTML/SQL/Perl/PHP/Python/Apache/Linux]
[OS: Linux 2.6.17.14-mm-desktop-9mdvsmp, up 1 day, 6 min.]

It'll be in the Last Place You Look
http://tobyinkster.co.uk/blog/2007/11/21/no2id/
Nov 23 '07 #7
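Added example (not part of the thread and not any poster's code): the points from posts #5 to #7, written in Python, whose hashlib gives the same MD5 values as PHP's md5(). It hashes the same text with and without a trailing newline or NUL, and compares digests by value across letter case and number base. The function names are this example's own.

```python
import hashlib
import hmac

def md5_hex(data: bytes) -> str:
    """Lowercase hex MD5 of exactly these bytes (the form PHP's md5() returns)."""
    return hashlib.md5(data).hexdigest()

def digest_bytes(text: str, base: int = 16) -> bytes:
    """Parse an MD5 rendered in the given base (16, 10 or 8) into its 16 raw bytes."""
    value = int(text.strip(), base)   # int() accepts upper- and lower-case hex digits
    return value.to_bytes(16, "big")  # raises OverflowError if wider than 128 bits

def digests_equal(a: str, b: str, base_a: int = 16, base_b: int = 16) -> bool:
    """Compare two renderings of an MD5 by value rather than as strings."""
    return hmac.compare_digest(digest_bytes(a, base_a), digest_bytes(b, base_b))

def input_variants(password: str) -> dict:
    """MD5 of the same text fed in as three different byte strings."""
    raw = password.encode("utf-8")
    return {
        "exact bytes (echo -n, PHP md5)": md5_hex(raw),
        "trailing newline (plain echo)": md5_hex(raw + b"\n"),
        "trailing NUL (C string terminator)": md5_hex(raw + b"\x00"),
    }

if __name__ == "__main__":
    # "obama" is the sample string used in post #5.
    for label, digest in input_variants("obama").items():
        print(f"{digest}  {label}")
    h = md5_hex(b"obama")
    print(digests_equal(h, h.upper()))                # same value, different case
    print(digests_equal(h, str(int(h, 16)), 16, 10))  # same value, decimal rendering
```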
Rik Wasmus wrote:
> You can't decrypt/decode it though (well, at least not practically).

Well, you can't at all, because for any given MD5 hash, there are infinite
possible inputs which could have generated it. So even if you manage to
find an input which produces that value as its output (which is more or
less an enormous brute-force search), you can't be sure that it's the same
as the original input.

--
Toby A Inkster BSc (Hons) ARCS
[Geek of HTML/SQL/Perl/PHP/Python/Apache/Linux]
[OS: Linux 2.6.17.14-mm-desktop-9mdvsmp, up 1 day, 9 min.]

It'll be in the Last Place You Look
http://tobyinkster.co.uk/blog/2007/11/21/no2id/
Nov 23 '07 #8
Toby, I think you are mistaken.
In theory, every md5 hash is unique. An md5 hash is bound to a single
unique input. If a brute-force matches a hash, THAT is the original
input.

Regards,
Kailash Nadh
http://kailashnadh.name

On Nov 23, 7:13 pm, Toby A Inkster <usenet200...@tobyinkster.co.uk>
wrote:
> Rik Wasmus wrote:
>> You can't decrypt/decode it though (well, at least not practically).
>
> Well, you can't at all, because for any given MD5 hash, there are infinite
> possible inputs which could have generated it. So even if you manage to
> find an input which produces that value as its output (which is more or
> less an enormous brute-force search), you can't be sure that it's the same
> as the original input.
>
> --
> Toby A Inkster BSc (Hons) ARCS
> [Geek of HTML/SQL/Perl/PHP/Python/Apache/Linux]
> [OS: Linux 2.6.17.14-mm-desktop-9mdvsmp, up 1 day, 9 min.]
>
> It'll be in the Last Place You Look
> http://tobyinkster.co.uk/blog/2007/11/21/no2id/
Nov 26 '07 #9
On Mon, 26 Nov 2007 04:22:41 +0100, Kailash Nadh <ka**********@gmail.com>
wrote:
> On Nov 23, 7:13 pm, Toby A Inkster <usenet200...@tobyinkster.co.uk>
> wrote:
>> Rik Wasmus wrote:
>>> You can't decrypt/decode it though (well, at least not practically).
>>
>> Well, you can't at all, because for any given MD5 hash, there are
>> infinite possible inputs which could have generated it. So even if you
>> manage to find an input which produces that value as its output (which
>> is more or less an enormous brute-force search), you can't be sure that
>> it's the same as the original input.
>
> Toby, I think you are mistaken.
> In theory, every md5 hash is unique. An md5 hash is bound to a single
> unique input. If a brute-force matches a hash, THAT is the original
> input.

No, Toby is right: different input can generate the same output (if not,
we would have found a great ZIP functionality, didn't we? If we can md5 a
file, and every md5 is unique yet limited to a certain length, you could
put all books into one file, and md5 it. If a md5 is unique, it is
reversible.). Brute force cracking involves guessing at original input
length & probability of input. It can be done (with 'probabilities of
input'), it's not something hackers would like to spend their CPU cycles on
though.
--
Rik Wasmus
Nov 26 '07 #10
Kailash Nadh wrote:
> On Nov 23, 7:13 pm, Toby A Inkster <usenet200...@tobyinkster.co.uk>
> wrote:
>> Rik Wasmus wrote:
>>> You can't decrypt/decode it though (well, at least not practically).
>> Well, you can't at all, because for any given MD5 hash, there are infinite
>> possible inputs which could have generated it. So even if you manage to
>> find an input which produces that value as its output (which is more or
>> less an enormous brute-force search), you can't be sure that it's the same
>> as the original input.
>>
>> --
>> Toby A Inkster BSc (Hons) ARCS
>> [Geek of HTML/SQL/Perl/PHP/Python/Apache/Linux]
>> [OS: Linux 2.6.17.14-mm-desktop-9mdvsmp, up 1 day, 9 min.]
>>
>> It'll be in the Last Place You Look
>> http://tobyinkster.co.uk/blog/2007/11/21/no2id/
>
> Toby, I think you are mistaken.
> In theory, every md5 hash is unique. An md5 hash is bound to a single
> unique input. If a brute-force matches a hash, THAT is the original
> input.
>
> Regards,
> Kailash Nadh
> http://kailashnadh.name

(Top posting fixed)

Wrong. A MD5 hash results in a 32 byte value. Theoretically there are
a (near) infinite number of hashes which can be resolved to the same
hash. If it were unique, it would be the best compression algorithm
known to programmers.

And please don't top post. Thanks.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

Nov 26 '07 #11
On Nov 26, 4:08 am, Jerry Stuckle <jstuck...@attglobal.net> wrote:
> Kailash Nadh wrote:
>> On Nov 23, 7:13 pm, Toby A Inkster <usenet200...@tobyinkster.co.uk>
>> wrote:
>>> Rik Wasmus wrote:
>>>> You can't decrypt/decode it though (well, at least not practically).
>>> Well, you can't at all, because for any given MD5 hash, there are infinite
>>> possible inputs which could have generated it. So even if you manage to
>>> find an input which produces that value as its output (which is more or
>>> less an enormous brute-force search), you can't be sure that it's the same
>>> as the original input.
>>> --
>>> Toby A Inkster BSc (Hons) ARCS
>>> [Geek of HTML/SQL/Perl/PHP/Python/Apache/Linux]
>>> [OS: Linux 2.6.17.14-mm-desktop-9mdvsmp, up 1 day, 9 min.]
>>> It'll be in the Last Place You Look
>>> http://tobyinkster.co.uk/blog/2007/11/21/no2id/
>> Toby, I think you are mistaken.
>> In theory, every md5 hash is unique. An md5 hash is bound to a single
>> unique input. If a brute-force matches a hash, THAT is the original
>> input.
>>
>> Regards,
>> Kailash Nadh
>> http://kailashnadh.name
>
> (Top posting fixed)
>
> Wrong. A MD5 hash results in a 32 byte value. Theoretically there are
> a (near) infinite number of hashes which can be resolved to the same
> hash. If it were unique, it would be the best compression algorithm
> known to programmers.
>
> And please don't top post. Thanks.
>
> --
> ==================
> Remove the "x" from my email address
> Jerry Stuckle
> JDS Computer Training Corp.
> jstuck...@attglobal.net
> ==================

Ah, my mistake.

Regards,
Kailash Nadh
http://kailashnadh.name
Nov 26 '07 #12
Kailash Nadh wrote:
> In theory, every md5 hash is unique. An md5 hash is bound to a single
> unique input. If a brute-force matches a hash, THAT is the original
> input.

As everyone else has pointed out, MD5s are not unique. Here's a thought
experiment which proves it.

An MD5 is a 128-bit number. Thus there are 2^128 possible MD5 outputs.

If we consider all possible files of length 17 bytes (136 bits), then
you'll notice that there are 2^136 possible MD5 inputs.

Now, (2^136)/(2^128) = 2^8 = 256. Which means that for every MD5 input,
there are (on average) 256 different files of length 17 bytes which can
produce that result.

And that's just collisions with files of length 17 bytes. When you
consider files with length 18 bytes, there are over 65000 collisions for
each MD5 result. Imagine how many possible collisions there are with files
in the kilobyte or megabyte size range!

--
Toby A Inkster BSc (Hons) ARCS
[Geek of HTML/SQL/Perl/PHP/Python/Apache/Linux]
[OS: Linux 2.6.17.14-mm-desktop-9mdvsmp, up 2 days, 14:54.]

It'll be in the Last Place You Look
http://tobyinkster.co.uk/blog/2007/11/21/no2id/
Nov 27 '07 #13
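Added example (not part of the thread): the counting argument from post #13 at reduced scale. The hash here is MD5 cut down to its first byte, an assumption made so that every input can be enumerated, and the inputs are all 2-byte strings, so the ratio is again 2^16 / 2^8 = 256. The function names are this example's own.

```python
import hashlib
from collections import Counter
from itertools import product

def truncated_md5(data: bytes, out_bytes: int = 1) -> bytes:
    """First out_bytes of the MD5 digest: a stand-in hash with a tiny output space."""
    return hashlib.md5(data).digest()[:out_bytes]

def preimage_counts(in_bytes: int = 2, out_bytes: int = 1) -> Counter:
    """Hash every possible input of in_bytes bytes and count inputs per output."""
    counts = Counter()
    for combo in product(range(256), repeat=in_bytes):
        counts[truncated_md5(bytes(combo), out_bytes)] += 1
    return counts

def first_collision(in_bytes: int = 2, out_bytes: int = 1):
    """Return the first two different inputs that share a truncated digest."""
    seen = {}
    for combo in product(range(256), repeat=in_bytes):
        data = bytes(combo)
        tag = truncated_md5(data, out_bytes)
        if tag in seen:
            return seen[tag], data   # a match that is not the original input
        seen[tag] = data
    return None

def average_preimages(in_bits: int, out_bits: int) -> int:
    """Average number of inputs per output: 2^in_bits / 2^out_bits."""
    return 2 ** (in_bits - out_bits)

if __name__ == "__main__":
    counts = preimage_counts()
    print("distinct outputs:", len(counts))
    print("inputs hashed:   ", sum(counts.values()))
    print("largest bucket:  ", max(counts.values()))
    a, b = first_collision()
    print("collision:", a.hex(), b.hex(), "->", truncated_md5(a).hex())
    print("17-byte inputs per full MD5 value:", average_preimages(136, 128))
    print("18-byte inputs per full MD5 value:", average_preimages(144, 128))
```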
