×

Discussion Board

Results 1 to 5 of 5
  1. #1
    Registered User
    Join Date
    Feb 2010
    Posts
    3

    MD5 digest is not correct after 2 iterations (Lamport) OTP generator Uni dissertation

    Hi there,

    I've noticed that a lot of my Google searches took me here so i thought perhaps i could borrow your apt minds

    I'm working on a One Time Password generator for a mobile device (as well as website to log in to) as part of my third year degree dissertation.

    Using the org.bouncycastle.crypto.digests.MD5Digest library i am taking a byte array (from a string user input) then hashing it X number of times. This is also known as daisy chaining hash strings or lamports method of encryption.

    See code below:

    Code:
        private String generateHash(String OTP, int loopNum)
        {
          byte[] secretBytes = OTP.getBytes();
          
          for (int x = 0; x < loopNum; x++)
          {
              byte[] tempStore = new byte[16];
              tempStore = hash(secretBytes);
              secretBytes = tempStore;
          }
    
          return convertToHex(secretBytes);
       }
        
       public byte[] hash(byte[] secretBytes)
       {
            org.bouncycastle.crypto.digests.MD5Digest digest = new org.bouncycastle.crypto.digests.MD5Digest();
    
            digest.reset();
    
            // Update MD5 digest with user secret in byte format
            digest.update(secretBytes, 0, secretBytes.length);
    
            // get length of digest to initialise new md5 byte array
            int length = digest.getDigestSize();
    
            // create md5 byte array using length
            byte[] md5 = new byte[length];
    
            // calculate MD5 hash, using md5 byte array, 0 for buffer offset
            digest.doFinal(md5, 0);
    
            return md5;
       }
    
       
     private static String convertToHex(byte[] data) {
            StringBuffer buf = new StringBuffer();
            String Hex;
            String formattedHex;
            for (int i = 0; i < data.length; i++) {
                int halfbyte = (data[i] >>> 4) & 0x0F;
                int two_halfs = 0;
                do {
                    if ((0 <= halfbyte) && (halfbyte <= 9))
                        buf.append((char) ('0' + halfbyte));
                    else
                        buf.append((char) ('a' + (halfbyte - 10)));
                    halfbyte = data[i] & 0x0F;
                } while(two_halfs++ < 1);
            }
    
            Hex = buf.toString();
    
            formattedHex = "\n" + Hex.substring(0, 4) + " " + Hex.substring(4, 8) + " " + Hex.substring(8, 12) + " " + Hex.substring(12, 16) + " " + Hex.substring(16, 20) + " " + Hex.substring(20, 24) + " " + Hex.substring(24, 28) + " " + Hex.substring(28, 32);
            return formattedHex;
        }
    I think it is either;

    1) The digest does not return a correct byte array
    2) The Hex converter incorrectly converts this

    Im testing using the secret of: A
    which has the following MD5 Outputs:

    1x) 7fc56270e7a70fa81a5935b72eacbe29
    2x) 8f28f2e7231860115d2a8cacba019dbe << this should be : 4cbd6d53280de25e04712c7434a70642

    Many thanks for your help in advance

  2. #2
    Super Contributor
    Join Date
    Jun 2003
    Location
    Cheshire, UK
    Posts
    7,395

    Re: MD5 digest is not correct after 2 iterations (Lamport) OTP generator Uni disserta

    I spot nothing immediately wrong in the code, from a brief inspection.

    Quote Originally Posted by garbit View Post
    2x) 8f28f2e7231860115d2a8cacba019dbe << this should be : 4cbd6d53280de25e04712c7434a70642
    By what means have you made this determination?

    There is a third possibility: that you made an error in your calculation of "4cbd6d53280de25e04712c7434a70642", and that "8f28f2e7231860115d2a8cacba019dbe" is indeed correct.

    Without attempting to repeat your experiment, I can suggest one possible source of error: if you are forgetting that the second iteration will compute a hash based on the binary representation of the first hash, not a textual representation (that is, 16 bytes, not 32 characters).

    Graham.

  3. #3
    Registered User
    Join Date
    Feb 2010
    Posts
    3

    Re: MD5 digest is not correct after 2 iterations (Lamport) OTP generator Uni disserta

    I've used 2 different MD5 scripts to encrypt the string, the first was a web based script that can be found on-line (www.md5generator.com) and the second is my php authentication script that i wrote.

    *edit*
    On the first iteration the input "string" is in actual fact a binary representation of the user's string, see below;

    byte[] secretBytes = OTP.getBytes();

    Therefore my MD5 digest only uses a binary input every time it generates a hash. However the output from the initial hash may in fact be the problem. The reason i say this is because it initially works correctly.
    *edit*

    I see what you mean about the binary and textual representation. If that is the case i understand that i must do the following;

    convert OrigionalUserInputString -> ByteArray;
    output = MD5(ByteArray);
    convert output -> String
    repeat process N times

    I will try that now and thank you very much for your quick response!
    Last edited by garbit; 2010-02-03 at 15:00. Reason: rewording

  4. #4
    Registered User
    Join Date
    Feb 2010
    Posts
    3

    Re: MD5 digest is not correct after 2 iterations (Lamport) OTP generator Uni disserta

    Thank you all very much for your help, the problem was that my java md5 did not behave like a php MD5.

    "MD5, when applied to an input consisting in a single byte of value 0x41 (an 'A'), yields a 16-byte output which, when printed in hexadecimal, is 7fc56270e7a70fa81a5935b72eacbe29.

    If you apply MD5 on those 16 bytes, you should get 8f28f2e7231860115d2a8cacba019dbe, and that's what you get.

    Now, if you consider MD5 applied on a 32-byte string which is the ASCII encoding of the character string "7fc56270e7a70fa81a5935b72eacbe29", then this yields 4cbd6d53280de25e04712c7434a70642. So I think that your Java code is fine (for that) and that your confusion comes from how you give the input data to your PHP-based test code. You write 7fc562... and you think about it as "one byte of value 0x7f, then one byte of value 0xc5, then..." but the PHP code takes it as "one byte of value 0x37 (ASCII code for a '7'), then one byte of value 0x66 (ASCII code for an 'f'), then...".

    I found a solution to the problem which basically taking the byte array and converting it into a hex string and THEN get the bytes for this string rather than for the un hex'd byte array. See solutions below

    The issue + explanation of the problem: http://stackoverflow.com/questions/2...oldest#tab-top
    See the following for the code result: http://forums.sun.com/thread.jspa?fo...hreadID=718781

  5. #5
    Super Contributor
    Join Date
    Jun 2003
    Location
    Cheshire, UK
    Posts
    7,395

    Re: MD5 digest is not correct after 2 iterations (Lamport) OTP generator Uni disserta

    I'm not a PHP guy... but I'd guess the two work the same, except that either the return value from PHP's hashing function was a string representation of the hash (not the raw binary hash itself), or you were unwittingly converting it to a string (type conversions are easy to do in scripting languages, often without meaning to).

    It doesn't matter which way you work, so long as you apply it consistently.

    Good luck with your project!

    Graham.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
×