MD5 encoding with different results

I've run into this weird issue with MD5 encodings. Actually, before everyone jumps in to tell me not to use MD5: it's a legacy system and the algorithm has already been chosen.

Anyway - I have a MySQL table with the MD5 hashed password stored. In the same table, the salt is also stored.

I have a test user, whose password is "test" and the salt is "salt". Using MySQL's MD5 function (select md5('testsalt')), I found the hash to be "315240c61218a4a861ec949166a85ef0". I also verified this expected result with the admin of an external PHP system that sends user information to our system.

In one module of the system, we calculate MD5 hashes using this code:

    import java.nio.charset.Charset;
    import java.security.MessageDigest;
    import java.security.NoSuchAlgorithmException;

    // Returns the hex MD5 of string + salt (plain concatenation, no separator).
    public static String md5EncryptString(String string, String salt) {
        String encryptString = string + salt;
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("MD5");
            messageDigest.reset();
            messageDigest.update(encryptString.getBytes(Charset.forName("UTF8")));
            final byte[] resultByte = messageDigest.digest();
            return new String(Hex.encodeHex(resultByte));
        } catch (NoSuchAlgorithmException e) {
            // Fail here instead of returning the unhashed password + salt.
            logger.error("NoSuchAlgorithmException in encryptString");
            throw new IllegalStateException("MD5 not available", e);
        }
    }

This method outputs the exact same md5 hash.

I then configured an Md5PasswordEncoder in the Spring Security part of this system and ran into problems, because it would not let me log in. By extending the Md5PasswordEncoder class and overriding the encodePassword() method with some logging, I was able to determine that it outputs a different md5 hash: "150671e7a5fb8ace58aaa012de7f9b5c" when given the same password ("test") and salt ("salt").

Can anyone explain this or give me some hint on what might be causing this?

According to some sources on GitHub, Spring merges password and salt this way:

    return password + "{" + salt.toString() + "}";

See method mergePasswordAndSalt(..) in BasePasswordEncoder.java.
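As an added example (not code from the original post or from Spring), this JDK-only class checks which of the two merge formats discussed here reproduces a stored hash, using the password, salt and hashes given in the question. The class and method names are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class Md5MergeCheck { // hypothetical class name
    // Lowercase hex MD5 of the UTF-8 bytes of the input.
    static String md5Hex(String input) {
        try {
            byte[] digest = MessageDigest.getInstance("MD5")
                    .digest(input.getBytes(StandardCharsets.UTF_8));
            StringBuilder hex = new StringBuilder(digest.length * 2);
            for (byte b : digest) hex.append(String.format("%02x", b));
            return hex.toString();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("MD5 not available", e);
        }
    }

    // Constant-time comparison of two hex digests, ignoring case.
    static boolean sameHash(String a, String b) {
        return MessageDigest.isEqual(
                a.toLowerCase().getBytes(StandardCharsets.US_ASCII),
                b.toLowerCase().getBytes(StandardCharsets.US_ASCII));
    }

    // Reports which way of merging password and salt reproduces a stored hash.
    static String identifyFormat(String stored, String password, String salt) {
        // Plain concatenation, as in md5EncryptString() and md5('testsalt').
        if (sameHash(stored, md5Hex(password + salt))) {
            return "password + salt";
        }
        // The merge quoted above from mergePasswordAndSalt(..).
        if (sameHash(stored, md5Hex(password + "{" + salt + "}"))) {
            return "password + \"{\" + salt + \"}\"";
        }
        return "unknown";
    }

    public static void main(String[] args) {
        // Password, salt and both hashes are the values given in the question.
        String[] hashes = {
            "315240c61218a4a861ec949166a85ef0",
            "150671e7a5fb8ace58aaa012de7f9b5c"
        };
        for (String h : hashes) {
            System.out.println(h + " -> " + identifyFormat(h, "test", "salt"));
        }
    }
}
```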
