Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-4179041

MD5 digest algorithm not backward compatible jdk1.1.6/jdk1.1.7

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Not an Issue
    • Icon: P4 P4
    • None
    • 1.1.7
    • security-libs



      Name: tb29552 Date: 10/06/98


      The following method provides different output if run
      with version 1.1.6 or version 1.1.7 or java

      The output of this method for the string "xrce" is the following for the two architectures:
      jdk1.1.6:\u00E2\u00E1dt\u00CFF\u0012\u00A1\u0084z\u0092\u000C\u00E6\u00C8\u00E6\u00B7
      jdk1.1.7:\u00E2\u00E1dt\u00CFF\u0012\u00A1\u201Ez\u2019\u000C\u00E6\u00C8\u00E6\u00B7

      Backward compatibility is thus not provided. This prevents the same code from running
      two different versions of the JDK.

      //
      //Java imports
      //

      import java.util.*;
      import java.security.MessageDigest;
      import java.security.NoSuchAlgorithmException;


      public class TestDigest {

        /** Name of the digest algorithm used to crypt the passwords */
        private static String DIGEST_ALGORITHM = "MD5";
        /** The instance of the digest algorithm used to crypt the passwords */
        private MessageDigest messageDigest_ = null;

        public TestDigest() {
          try {
            //Create the message digest used to crypt the password.
            messageDigest_ = MessageDigest.getInstance( DIGEST_ALGORITHM );
          } catch( NoSuchAlgorithmException e ) {
            System.out.println("Impossible to crypt password because the digest algorithm:" );
          }
        }


        /**
         * Crypt the password to be able to manage it in a non readable way (especially
         * concerning what is stored in user.conf file.
         * @param clearPassword The password as typed in the user at log in
         * @return The crypted password as stored in the user database
         */
        public synchronized String cryptPassword( String clearPassword )
        {
          // Note: this method is synchronized in order to avoid concurrent accesses to the messageDigest_
          // variable

          byte[] clearPasswordBytes;
          byte[] cryptedPasswordBytes;

          clearPasswordBytes = clearPassword.getBytes();

          messageDigest_.reset(); //This is not really necessary but makes it safe.
          cryptedPasswordBytes = messageDigest_.digest( clearPasswordBytes );
          return new String( cryptedPasswordBytes );
        }

      }
      (Review ID: 39835)
      ======================================================================

            rschemersunw Roland Schemers (Inactive)
            tbell Tim Bell
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Created:
              Updated:
              Resolved:
              Imported:
              Indexed: