MD5结果不同
[英]Different MD5 results
问题描述
I am porting an application developed in Java struts to PHP, the database is in MySQL, 
我正在将使用Java struts开发的应用程序移植到PHP,将数据库移植到MySQL中,
The PHP, MySQL or online MD5 produces this for NtbPq : PHP,MySQL或在线MD5会为NtbPq生成此代码:
db94207ab2924504e0f590682645258a
Where as the application has produced this for same password: 当应用程序使用相同的密码生成该密码时:
db94207ab292454e0f590682645258a
^
Notice the missing 1 character. 请注意缺少的1个字符。 Now the Java application works perfectly and logs the user but PHP cannot verify and says it doesn't match with PHP md5 function. 现在,Java应用程序可以完美运行并记录用户,但是PHP无法验证并说它与PHP md5函数不匹配。
Is there any solution I can use 31 char md5 by java to verify in PHP? 有什么解决方案可以通过Java使用31 char md5在PHP中进行验证吗?
EDIT : problem is i have not developed the java application, now there are over 400 users, which i want to port in php, i dont know a thing about java, i just want to veryfy those 31 character md5 in php 编辑:问题是我还没有开发Java应用程序,现在有超过400个用户,我想在php中移植,我对Java不了解,我只想在php中使用这31个字符的md5
3 个解决方案
解决方案1
2 已采纳 2014-07-14 08:25:36
I strongly suspect that the hex conversion you're using in the application is failing if the leading nybble of a byte is 0. This is probably because you've got hex conversion code within the application itself, rather than using a standard library. 我强烈怀疑如果字节的前半字节为0,则您在应用程序中使用的十六进制转换会失败。这可能是因为您在应用程序内部包含了十六进制转换代码,而不是使用标准库。
Solution: find the hex conversion code, rip it out, and use a standard library instead. 解决方案:找到十六进制转换代码,将其切出,然后使用标准库。 For example, as it seems by your comment that it's the Java code which is producing the wrong result (your post isn't very clear) you could use Apache Commons Codec . 例如,从您的评论看来,是Java代码产生了错误的结果(您的帖子不是很清楚),您可以使用Apache Commons Codec 。
As noted in comments, however, it would be worth trying to avoid using MD5 anyway. 但是,正如评论中指出的那样,无论如何都应避免使用MD5。 That may or may not be feasible right now, but it should be on your medium-term roadmap. 目前可能可行,也可能不可行,但这应该在您的中期路线图上。
EDIT: As a temporary measure, you could write your own PHP code to emulate the brokenness. 编辑:作为一种临时措施,您可以编写自己的PHP代码来模拟损坏情况。 Basically, you need to perform the normal MD5 hashing, then take the hex result and remove any '0' from it which occurs in an even position. 基本上,您需要执行常规的MD5哈希处理,然后获取十六进制结果并从中删除出现在偶数位置的所有“ 0”。 So for example "ab0120" would end up as "ab120" - because the first '0' is in position 2, but the last '0' is in position 5. Alternatively, perform the hex conversion yourself, converting one byte at a time and trimming any leading '0' character from each two-character result. 因此,例如“ ab0120”将以“ ab120”结尾-因为第一个“ 0”位于位置2,但最后一个“ 0”位于位置5。或者,您可以自己执行十六进制转换,一次转换一个字节并从每个两个字符的结果中修剪所有前导“ 0”字符。 This code should be removed as quickly as possible, and only used to validate that users with broken stored MD5 hashes are valid. 该代码应尽快删除, 仅用于验证存储的MD5哈希值已损坏的用户是否有效。
解决方案2
0 2014-07-14 08:23:04
I think this could possibly help you: Java md5, the PHP way 我认为这可能对您有帮助: Java md5,PHP方式
Seems to me like the very same problem. 在我看来就像是同样的问题。
解决方案3
0 2014-07-14 08:27:41
Hi what I would do is store the md5 hash in your db and whenever you detect a login of that specific user convert it to PBKDF2 (its more secure). 嗨,我要做的是将md5哈希存储在您的数据库中,每当您检测到该特定用户的登录名时,便将其转换为PBKDF2(它更安全)。 Then you can delete the old md5. 然后,您可以删除旧的md5。
This guide shows you how to do it. 本指南向您展示如何进行。
https://crackstation.net/hashing-security.htm#javasourcecode https://crackstation.net/hashing-security.htm#javasourcecode
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.