|
|
Posted by Toby A Inkster on 11/23/07 19:11
Matthew wrote:
> Yes. MD5 is a standard hash function, unless all software implementations
> of MD5 provide exactly the same result, its use is pretty much pointless.
> The only reason why one version of MD5 could give a different result from
> another is if one of them has not implemented the algorithm correctly, in
> which case it is not an implementation of MD5 at all but is a flawed
> variation of it.
Well, in a language that uses null-terminated strings, a case could be
made for or against including the null in the hash's input string. This
could lead to two possible results for one input.
Also, although it's customary to hex-encode the output of an MD5 hash (as
PHP's md5() function does), it could be shown in decimal, octal or some
other base, in which case, although the result would be the same, it would
*look* very different, and a simple string comparison would class them as
different. Also even with hex-encoded MD5s, you need to make sure that the
comparison is case-insensitive.
--
Toby A Inkster BSc (Hons) ARCS
[Geek of HTML/SQL/Perl/PHP/Python/Apache/Linux]
[OS: Linux 2.6.17.14-mm-desktop-9mdvsmp, up 1 day, 6 min.]
It'll be in the Last Place You Look
http://tobyinkster.co.uk/blog/2007/11/21/no2id/
Navigation:
[Reply to this message]
|