Simple MD5 Hash - Different output on different OS

[Smurff]

Hi All,

Should an md5 hash of the same string output the same hash on Windows
and Unix?

I downloaded md5.c from http://www.advogato.org/article/830.html and
compiled it on windows via cygwin and compiled it on Solaris 10.

Windows/Cygwin
$ ./md5.exe -s password
5f4dcc3b5aa765d61d8327deb882cf99

Solaris
bash-3.00$ ./md5 -s password
a4d85586adcf1688d921e38312c7e437

Thanks for your time
Kind regards
Danny

 

[SozzlyJoe]

Hi All,

Should an md5 hash of the same string output the same hash on Windows
and Unix?

I downloaded md5.c fromhttp://www.advogato.org/article/830.htmland
compiled it on windows via cygwin and compiled it on Solaris 10.

Windows/Cygwin
$ ./md5.exe -s password
5f4dcc3b5aa765d61d8327deb882cf99

Solaris
bash-3.00$ ./md5 -s password
a4d85586adcf1688d921e38312c7e437

Thanks for your time
Kind regards
Danny

It certainly should.. A quick perusal of the webpage reveals that md5 -
t runs a self test, try this and see which version fails!

 

[Smurff]

It certainly should.. A quick perusal of the webpage reveals that md5 -
t runs a self test, try this and see which version fails!- Hide quoted text -

- Show quoted text -

Thanks for the reply. You were right, the test on cygwin did infact
complete ok but on solaris I recieved this:

d41d8cd98f00b204e9800998ecf8427e << Expected Hash Value
227b7f48d21283f63bc9bbc15b44ea1a << Actual Hash Value
Self Test Failed
md5:007:Test Failure.


Do you believe it is because of this actual implementation and / or
should I look at using something like OpenSSL? Its just that this chap
made this very easy for me

Thank you again for your time
Kind regards
Danny

 

[SozzlyJoe]

On Nov 20, 11:48 am, SozzlyJoe <[email protected]> wrote:

Do you believe it is because of this actual implementation and / or
should I look at using something like OpenSSL? Its just that this chap
made this very easy for me

Not sure, to be honest. What compiler are you using on Solaris? Try
turning on all the warnings and look for anything suspicious.
If your compiler is not gcc, try using that instead.

 

[Eric Sosman]

Hi All,

Should an md5 hash of the same string output the same hash on Windows
and Unix?

I downloaded md5.c from http://www.advogato.org/article/830.html and
compiled it on windows via cygwin and compiled it on Solaris 10.

Windows/Cygwin
$ ./md5.exe -s password
5f4dcc3b5aa765d61d8327deb882cf99

Solaris
bash-3.00$ ./md5 -s password
a4d85586adcf1688d921e38312c7e437

Thanks for your time

The author of the code seems to have been unaware of
"endianness," that is, that different computers arrange
the individual bytes of multi-byte integers in different
ways. He seems also to have been unaware that `unsigned
long' might not be exactly four bytes. In short, you're
dealing with code that makes non-portable assumptions.

 

[micans]

Hi All,

Should an md5 hash of the same string output the same hash on Windows
and Unix?

I downloaded md5.c fromhttp://www.advogato.org/article/830.htmland
compiled it on windows via cygwin and compiled it on Solaris 10.

<snip>

Out of interest I did the same and got the same problem. It worked on
a 32-bit system and failed on a 64 bit system. When I changed the
typedef for mULONG from 'unsigned long' to 'unsigned' the program (in
self test mode, -t option) started working on the 64 bit system,
where, incidentally, sizeof(unsigned) == 4 and sizeof(unsigned long)
== 8. I assume it is something about the program, md5, or both, that
requires 32 bit unsigned quantities. The code has a TRANSFORM macro
that suggests as much.

regards,
Stijn

 

[Andrey Tarasevich]

I downloaded md5.c from http://www.advogato.org/article/830.html and
compiled it on windows via cygwin and compiled it on Solaris 10.

The code at the link relies critically on the endiannes of the hardware
it is run on. It should work fine on any little-endian hardware, like
x86, but will not work correctly on any big-endian hardware, like Sun.
This is what you observe in your experiments.

They use 'memcpy' to transfer data from the input 'mUCHAR' buffer to the
internal MD5 buffer and then just re-interpret the latter as an 'mULONG'
array for further processing. This can't work as in on a big-endian system.

 

[Nate Eldredge]

Thanks for the reply. You were right, the test on cygwin did infact
complete ok but on solaris I recieved this:

d41d8cd98f00b204e9800998ecf8427e << Expected Hash Value
227b7f48d21283f63bc9bbc15b44ea1a << Actual Hash Value
Self Test Failed
md5:007:Test Failure.


Do you believe it is because of this actual implementation and / or
should I look at using something like OpenSSL? Its just that this chap
made this very easy for me

It looks like that implementation is buggy, or at best, non-portable.
You shouldn't have too much trouble finding a better one. OpenSSL
probably has a good one, but there should also be standalone
implementations.

Note that if you have a choice, you might be better off using something
like SHA256. MD5 has some known weaknesses.

 

[Keith Thompson]

[...]
It looks like that implementation is buggy, or at best, non-portable.
You shouldn't have too much trouble finding a better one. OpenSSL
probably has a good one, but there should also be standalone
implementations.

Note that if you have a choice, you might be better off using something
like SHA256. MD5 has some known weaknesses.

<OT>
Both Cygwin and Solaris have their own "md5sum" command; it doesn't
have the "-s" option, but it's easy enough to do the same thing.
</OT>

 

[Smurff]

All,

Thanks for all your comments. The author of the code is in contact
with me and I am happy to test any of his code on my sparc box. In the
mean time I am looking at OpenSSL. There is a lot there and no where
as easy to understand. Im not the greatest programmer

If anyone has any links to a standalone version as the one in this
thread then I would be very greatful.

Thanks again guys and have a great weekend
Danny

 

[Keith Thompson]

Thanks for all your comments. The author of the code is in contact
with me and I am happy to test any of his code on my sparc box. In the
mean time I am looking at OpenSSL. There is a lot there and no where
as easy to understand. Im not the greatest programmer

If anyone has any links to a standalone version as the one in this
thread then I would be very greatful.

As I've already mentioned in this thread, there's an "md5sum" command
in both Cygwin and Solaris. A version is part of the GNU coretuils
package.