Simple MD5 Hash - Different output on different OS

Discussion in 'C Programming' started by Smurff, Nov 20, 2008.

  1. Smurff

    Smurff Guest

    Hi All,

    Should an md5 hash of the same string output the same hash on Windows
    and Unix?

    I downloaded md5.c from http://www.advogato.org/article/830.html and
    compiled it on windows via cygwin and compiled it on Solaris 10.

    Windows/Cygwin
    $ ./md5.exe -s password
    5f4dcc3b5aa765d61d8327deb882cf99

    Solaris
    bash-3.00$ ./md5 -s password
    a4d85586adcf1688d921e38312c7e437

    Thanks for your time
    Kind regards
    Danny
     
    Smurff, Nov 20, 2008
    #1
    1. Advertising

  2. Smurff

    SozzlyJoe Guest

    On 20 Nov, 10:16, Smurff <> wrote:
    > Hi All,
    >
    > Should an md5 hash of the same string output the same hash on Windows
    > and Unix?
    >
    > I downloaded md5.c fromhttp://www.advogato.org/article/830.htmland
    > compiled it on windows via cygwin and compiled it on Solaris 10.
    >
    > Windows/Cygwin
    > $ ./md5.exe -s password
    > 5f4dcc3b5aa765d61d8327deb882cf99
    >
    > Solaris
    > bash-3.00$ ./md5 -s password
    > a4d85586adcf1688d921e38312c7e437
    >
    > Thanks for your time
    > Kind regards
    > Danny


    It certainly should.. A quick perusal of the webpage reveals that md5 -
    t runs a self test, try this and see which version fails!
     
    SozzlyJoe, Nov 20, 2008
    #2
    1. Advertising

  3. Smurff

    Smurff Guest

    On Nov 20, 11:48 am, SozzlyJoe <> wrote:
    > On 20 Nov, 10:16, Smurff <> wrote:
    >
    >
    >
    >
    >
    > > Hi All,

    >
    > > Should an md5 hash of the same string output the same hash on Windows
    > > and Unix?

    >
    > > I downloaded md5.c fromhttp://www.advogato.org/article/830.htmland
    > > compiled it on windows via cygwin and compiled it on Solaris 10.

    >
    > > Windows/Cygwin
    > > $ ./md5.exe -s password
    > > 5f4dcc3b5aa765d61d8327deb882cf99

    >
    > > Solaris
    > > bash-3.00$ ./md5 -s password
    > > a4d85586adcf1688d921e38312c7e437

    >
    > > Thanks for your time
    > > Kind regards
    > > Danny

    >
    > It certainly should.. A quick perusal of the webpage reveals that md5 -
    > t runs a self test, try this and see which version fails!- Hide quoted text -
    >
    > - Show quoted text -


    Thanks for the reply. You were right, the test on cygwin did infact
    complete ok but on solaris I recieved this:

    d41d8cd98f00b204e9800998ecf8427e << Expected Hash Value
    227b7f48d21283f63bc9bbc15b44ea1a << Actual Hash Value
    Self Test Failed
    md5:007:Test Failure.


    Do you believe it is because of this actual implementation and / or
    should I look at using something like OpenSSL? Its just that this chap
    made this very easy for me :)

    Thank you again for your time
    Kind regards
    Danny
     
    Smurff, Nov 20, 2008
    #3
  4. Smurff

    SozzlyJoe Guest

    On 20 Nov, 12:02, Smurff <> wrote:
    > On Nov 20, 11:48 am, SozzlyJoe <> wrote:


    > Do you believe it is because of this actual implementation and / or
    > should I look at using something like OpenSSL? Its just that this chap
    > made this very easy for me :)


    Not sure, to be honest. What compiler are you using on Solaris? Try
    turning on all the warnings and look for anything suspicious.
    If your compiler is not gcc, try using that instead.
     
    SozzlyJoe, Nov 20, 2008
    #4
  5. Smurff

    Eric Sosman Guest

    Smurff wrote:
    > Hi All,
    >
    > Should an md5 hash of the same string output the same hash on Windows
    > and Unix?
    >
    > I downloaded md5.c from http://www.advogato.org/article/830.html and
    > compiled it on windows via cygwin and compiled it on Solaris 10.
    >
    > Windows/Cygwin
    > $ ./md5.exe -s password
    > 5f4dcc3b5aa765d61d8327deb882cf99
    >
    > Solaris
    > bash-3.00$ ./md5 -s password
    > a4d85586adcf1688d921e38312c7e437
    >
    > Thanks for your time


    The author of the code seems to have been unaware of
    "endianness," that is, that different computers arrange
    the individual bytes of multi-byte integers in different
    ways. He seems also to have been unaware that `unsigned
    long' might not be exactly four bytes. In short, you're
    dealing with code that makes non-portable assumptions.

    --
    Eric Sosman
    lid
     
    Eric Sosman, Nov 20, 2008
    #5
  6. Smurff

    Guest

    On Nov 20, 10:16 am, Smurff <> wrote:
    > Hi All,
    >
    > Should an md5 hash of the same string output the same hash on Windows
    > and Unix?
    >
    > I downloaded md5.c fromhttp://www.advogato.org/article/830.htmland
    > compiled it on windows via cygwin and compiled it on Solaris 10.

    <snip>

    Out of interest I did the same and got the same problem. It worked on
    a 32-bit system and failed on a 64 bit system. When I changed the
    typedef for mULONG from 'unsigned long' to 'unsigned' the program (in
    self test mode, -t option) started working on the 64 bit system,
    where, incidentally, sizeof(unsigned) == 4 and sizeof(unsigned long)
    == 8. I assume it is something about the program, md5, or both, that
    requires 32 bit unsigned quantities. The code has a TRANSFORM macro
    that suggests as much.

    regards,
    Stijn
     
    , Nov 20, 2008
    #6
  7. Smurff wrote:
    >
    > I downloaded md5.c from http://www.advogato.org/article/830.html and
    > compiled it on windows via cygwin and compiled it on Solaris 10.
    >


    The code at the link relies critically on the endiannes of the hardware
    it is run on. It should work fine on any little-endian hardware, like
    x86, but will not work correctly on any big-endian hardware, like Sun.
    This is what you observe in your experiments.

    They use 'memcpy' to transfer data from the input 'mUCHAR' buffer to the
    internal MD5 buffer and then just re-interpret the latter as an 'mULONG'
    array for further processing. This can't work as in on a big-endian system.

    --
    Best regards,
    Andrey Tarasevich
     
    Andrey Tarasevich, Nov 20, 2008
    #7
  8. Smurff <> writes:

    > On Nov 20, 11:48 am, SozzlyJoe <> wrote:
    >> On 20 Nov, 10:16, Smurff <> wrote:
    >>
    >>
    >>
    >>
    >>
    >> > Hi All,

    >>
    >> > Should an md5 hash of the same string output the same hash on Windows
    >> > and Unix?

    >>
    >> > I downloaded md5.c fromhttp://www.advogato.org/article/830.htmland
    >> > compiled it on windows via cygwin and compiled it on Solaris 10.

    >>
    >> > Windows/Cygwin
    >> > $ ./md5.exe -s password
    >> > 5f4dcc3b5aa765d61d8327deb882cf99

    >>
    >> > Solaris
    >> > bash-3.00$ ./md5 -s password
    >> > a4d85586adcf1688d921e38312c7e437

    >>
    >> > Thanks for your time
    >> > Kind regards
    >> > Danny

    >>
    >> It certainly should.. A quick perusal of the webpage reveals that md5 -
    >> t runs a self test, try this and see which version fails!- Hide quoted text -
    >>
    >> - Show quoted text -

    >
    > Thanks for the reply. You were right, the test on cygwin did infact
    > complete ok but on solaris I recieved this:
    >
    > d41d8cd98f00b204e9800998ecf8427e << Expected Hash Value
    > 227b7f48d21283f63bc9bbc15b44ea1a << Actual Hash Value
    > Self Test Failed
    > md5:007:Test Failure.
    >
    >
    > Do you believe it is because of this actual implementation and / or
    > should I look at using something like OpenSSL? Its just that this chap
    > made this very easy for me :)


    It looks like that implementation is buggy, or at best, non-portable.
    You shouldn't have too much trouble finding a better one. OpenSSL
    probably has a good one, but there should also be standalone
    implementations.

    Note that if you have a choice, you might be better off using something
    like SHA256. MD5 has some known weaknesses.
     
    Nate Eldredge, Nov 20, 2008
    #8
  9. Nate Eldredge <> writes:
    > Smurff <> writes:
    >> On Nov 20, 11:48 am, SozzlyJoe <> wrote:
    >>> On 20 Nov, 10:16, Smurff <> wrote:
    >>> > Should an md5 hash of the same string output the same hash on Windows
    >>> > and Unix?
    >>>
    >>> > I downloaded md5.c fromhttp://www.advogato.org/article/830.htmland
    >>> > compiled it on windows via cygwin and compiled it on Solaris 10.
    >>>
    >>> > Windows/Cygwin
    >>> > $ ./md5.exe -s password
    >>> > 5f4dcc3b5aa765d61d8327deb882cf99
    >>>
    >>> > Solaris
    >>> > bash-3.00$ ./md5 -s password
    >>> > a4d85586adcf1688d921e38312c7e437

    [...]
    > It looks like that implementation is buggy, or at best, non-portable.
    > You shouldn't have too much trouble finding a better one. OpenSSL
    > probably has a good one, but there should also be standalone
    > implementations.
    >
    > Note that if you have a choice, you might be better off using something
    > like SHA256. MD5 has some known weaknesses.


    <OT>
    Both Cygwin and Solaris have their own "md5sum" command; it doesn't
    have the "-s" option, but it's easy enough to do the same thing.
    </OT>

    --
    Keith Thompson (The_Other_Keith) <http://www.ghoti.net/~kst>
    Nokia
    "We must do something. This is something. Therefore, we must do this."
    -- Antony Jay and Jonathan Lynn, "Yes Minister"
     
    Keith Thompson, Nov 20, 2008
    #9
  10. Smurff

    Smurff Guest

    All,

    Thanks for all your comments. The author of the code is in contact
    with me and I am happy to test any of his code on my sparc box. In the
    mean time I am looking at OpenSSL. There is a lot there and no where
    as easy to understand. Im not the greatest programmer :)

    If anyone has any links to a standalone version as the one in this
    thread then I would be very greatful.

    Thanks again guys and have a great weekend
    Danny
     
    Smurff, Nov 21, 2008
    #10
  11. Smurff <> writes:
    > Thanks for all your comments. The author of the code is in contact
    > with me and I am happy to test any of his code on my sparc box. In the
    > mean time I am looking at OpenSSL. There is a lot there and no where
    > as easy to understand. Im not the greatest programmer :)
    >
    > If anyone has any links to a standalone version as the one in this
    > thread then I would be very greatful.


    As I've already mentioned in this thread, there's an "md5sum" command
    in both Cygwin and Solaris. A version is part of the GNU coretuils
    package.

    --
    Keith Thompson (The_Other_Keith) <http://www.ghoti.net/~kst>
    Nokia
    "We must do something. This is something. Therefore, we must do this."
    -- Antony Jay and Jonathan Lynn, "Yes Minister"
     
    Keith Thompson, Nov 21, 2008
    #11
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Ericko
    Replies:
    1
    Views:
    525
  2. Replies:
    9
    Views:
    17,202
    John Salerno
    May 8, 2006
  3. Carsten Maul

    Creating an MD5 hash with crypt.h

    Carsten Maul, Sep 23, 2004, in forum: C Programming
    Replies:
    2
    Views:
    927
    Kieran Simkin
    Sep 23, 2004
  4. rp
    Replies:
    1
    Views:
    583
    red floyd
    Nov 10, 2011
  5. Peter Woodsky

    create a md5 / md5 passwd with a salt

    Peter Woodsky, Nov 20, 2008, in forum: Ruby
    Replies:
    6
    Views:
    240
    Brian Candler
    Nov 21, 2008
Loading...

Share This Page