MD5 Character encoding

Author: amonserrat@sfa-durango.gob.mx (jr_naxera)

Hello,

A bit of a silly problem, I hope. I am using MD5 to create digest for passwords in a web application, at the front end I use Javascript and at the backend the MD5digest function included in uenc.dll. However, I have somre trouble, as the string produced by MD5digest seems to lack a few chars, its length oscillates between 14 and 16, instead of keeping at 16, so it is imposible to compare it to the incoming string.

14 Comments

  1. Hello,

    The MD5 result may contain the null '0x00' so that it is perhaps chopped in the null character.

    Junya
    Uniface Lab.


    Author: junya (junya.yasuda@compuware.com)
  2. Greetings, junya:

    Thanks for the answer, that may be it, is there anything I can use to solve the issue?


    Author: jr_naxera (amonserrat@sfa-durango.gob.mx)
  3. Hi,

    what about a little DLL which wraps the uenc.dll MD5 and returns the result as HEX-Characters ?

    Success, Uli


    Author: ulrich-merkel (ulrichmerkel@web.de)
  4. That's certainly a solution, yes, but also is programming the whole MD5 thing from scratch or switching to php and forgeting about Uniface on the server side, all of them require time and effort I can't spare in this project. What I would like is a solution the vendor of my 4GL could provide to me, the customer, that will save me that time and effort because, well, my company has already payed them for it.
    If there is not such a solution, I have no problem in implementing the DLL and sharing it under an LGPL, but that's hardly ideal, or fair, considering Uniface itself is neither LGPL software not free.

    Sorry if I sounded harsh, but I needed to spell that out.


    Author: jr_naxera (amonserrat@sfa-durango.gob.mx)
  5. Hi,

    you have 100% my support on the point you made.
     I'm not a CPWR-employee and I think if we pay for supported licenses, we should get this done by the vendor.

    But:
    I started the Do-IT-Ourself (dITo)-initiative from the experience that it takes very long before "the Lab" gets the job done.
    So if we want to have a solution ASAP, it is better to implement it and share it with the other uniface customers.

    Remember that the uenc.dll was not designed to handle MD5 from inside of uniface.
    It was published as a workaround for a wish.

    Success, Uli

     

     


    Author: ulrich-merkel (ulrichmerkel@web.de)
  6. Thanks for the support and the clarification, as stated, if there is not a solution for the problem, I'll get around to make a SHA dll, since MD5 is already becoming insecure, but that also will take time, since my priority is to finish the web application on time.


    Author: jr_naxera (amonserrat@sfa-durango.gob.mx)
  7. Hi,

    let me have a look if i can add 

    MD5 support to the dITo 3TB dll in the next days.

    Success, Uli


    Author: ulrich-merkel (ulrichmerkel@web.de)
  8. Hi,

    have you had a chance to test my DLL with your files returning null-bytes in the MD5-digest?

    Would be nice to know if the dITo3TB module works correct here.

     

    SUccess, Uli


    Author: ulrich-merkel (ulrichmerkel@web.de)
  9. I was able to run your example -- md5 (from string and file) of Hello World was consistently b10a8db164e0754105b7a99be72e3fe5.


    Author: hoss (adkinsl@proware.com)
  10. Hi larry,

    thanks for your reply; was it easy to install and use?

    Success, Uli

    P.S. I have not found a file/string with this digest so far: but the scenario to test is:

    will it return the correct digest even if it contains null byte(s). Like: 0100030405060708090A0B0C0D0E0FFF

     

     


    Author: ulrich-merkel (ulrichmerkel@web.de)
  11. Hi,

    How do you "access" the MD5Digest function? Do you use a C call-out signature? I've done a couple of tests and I get "reliable" results when I use a C call-out signature where the return value (the parameter called Digest) is defined as RAW.

    The only thing one has to keep in mind is that the data returned is not actually binary, but it is "encoded" in the Uniface Meta Format TRX. So there is a "small challenge" translating the TRX into HEX values. But the Proc (4GL) involved is only about 50 lines of code - probably wont win a "beauty contest", but it seems to work. If anybody is interested then I could post an export of the form with the mentioned code here.

    Hope this helps.

    Best regards,
    Daniel


    Author: diseli (daniel.iseli@uniface.com)
  12. There is at least somebody (me) interested.

    Success, Uli


    Author: ulrich-merkel (ulrichmerkel@web.de)
  13. Well, I made the test and the original problem persist, the character count is variable, no fixed, as it should be for a MD5 digest. I'm interested in seeing how your code managed it, so please, post it. Thanks in advance.


    Author: jr_naxera (amonserrat@sfa-durango.gob.mx)
  14. Hi,

    Attached you can find an export with a C Call-Out signature for the MD5Digest function of the UENC.DLL and a little test form that calls the function from 4GL. The OUT parameter of the MD5Digest operation is defined as RAW (encoded in the Uniface internal Meta format TRX) and the return value is converted in Proc from RAW to HEX. The Proc should be self-explanatory, I hope, and it also has not been written to win any "prizes". ;-)

    Please note that I have not tested this matter in a UServer (Web) environment nor did I check if the MD5Digest always is returning 16 characters (regardeless of the provided input value). I however would be interested with which input values the function less then 16 characters.

    Hope this helps.

    Best regards,
    Daniel

    ***
    DISCLAIMER: PLEASE BE AWARE THAT THE PROVIDED INFORMATION IS SUPPLIED "AS IS". COMPUWARE DISCLAIMS ALL EXPRESS AND IMPLIED WARRANTIES, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. USER ASSUMES RESPONSIBILITY FOR ANY USE OF THE PROVIDED INFORMATION.


    Author: diseli (daniel.iseli@uniface.com)