Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

MD5 Hashing 3

Status
Not open for further replies.

webmigit

Programmer
Aug 3, 2001
2,027
US
I need to hash a password before it is transmitted over the internet.. I understand that hashing is irreversible.. And I don't want it to be reversed..

AS I understand it, MD5 hashing is a standard.. IE if you MD5 hash a string in visual basic, you get the same result as if you did it in ASP or PHP or Cold Fusion and that's exactly what I want.. My passwords are hashed by a scripting language and I want to keep it that way but I want to write a companion program to my site.

ALFII.com
---------------------
If this post answered or helped to answer your question, please reply with such so that forum members with a similar question will know to use this advice.
 
Um.. its possible..?

To hash a string in cold fusion, you write

#hash(VarName)#

So you can see how control is very limited.. Can you forsee a way I can tweak the vb to match the CF?

ALFII.com
---------------------
If this post answered or helped to answer your question, please reply with such so that forum members with a similar question will know to use this advice.
 
I suspect that you may find that Cold Fusion and authorise.net are doing a Base64 conversion of the hash
 
Just doing a few Googles shows me that CF's hash() function returns a 32 byte string of hex digits.

The Paul Johnston JavaScript implementation of RSA's MD5 message digest algorithm (quite commonly used as the basis for many client-side digest routines) does the same thing. At least the copy I have handy here does.

strongm's [tt]HashVersion2[/tt] code above returns a 16 character string. Personally I think the Unicode flippityflopping going on here is a little scary but it all seems to luck out. I think using byte arrays would be safer but it doesn't appear to be necessary.

You just need to get back the "16 byte" hash and convert it to a 32 character string of hex digits. Then things ought to match:

[tt]s = HashVersion2(strToBeHashed)
h = ""
For i = 1 To Len(s)
h = h & Right("0" & Hex(Asc(Mid(s, i, 1))), 2)
Next
h = LCase(h)[/tt]

VB's Asc() will effectively "de-Unicode" the 16-bit VB string characters to 8-bit values. I chose to [tt]LCase()[/tt] the result here to match what my .js outputs.


I hope this sheds more light than heat on the matter.
 
strongm

Thank you for your authorative answers on this.. people seem to respect your answers here and I've gotten a few great ones from you before. Sorry it took me all day to respond and thanks for being patient.

dilettante

Thank you for understanding what my problem was and for being able to help.. This is an important project for me but it is still a side project and not one I've been able to put a lot of time into.

Thanks much!


ALFII.com
---------------------
If this post answered or helped to answer your question, please reply with such so that forum members with a similar question will know to use this advice.
 
vb5prgrmr,

It is not so much that I need working VB MD5 hash code, but that I want to program it myself. Hehe.

Anyway, what's PSC?
 
>it all seems to luck out

Luck? There's no luck involved...

>the "16 byte" hash

This is correct. MD5 creates an 128-bit hash, which is 16 bytes. The 32 character strings are a conversion of that hash to ensure that digests are human readble, whilst my routines return the genuine hash. Your code does that conversion admirably - although I'd suggest that

s = HashVersion2(strToBeHashed)
h = ""
For i = 1 To Len(s)
h = h & Hex(Asc(Mid(s, i, 1)))
Next
h = LCase(h)

is slightly cleaner
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top