I needed to make a program in java which logins with the vBulletin login system.
As you may know, many php boards use MD5 for hashing passwords.
vBulletin uses a “more advanced way” of hashing, just like phpBB3. phpBB2 used just old plain MD5 hashes.
So I needed to find out how I could use MD5 in java.
Off course there is no MD5 function like in php .
That’s why I searched a function that can do it, a little search on google like “java MD5 function” and so I looked at the first pages links and tried the functions that weren’t too long.
I created the vBulletin login system in java and with the first test account I could login …. BUT my own login failed :(. Quite irritating if you try 10 passes, all work and when you put it live, many people complaining they can’t login…
As I got “lucky” with my pass, I found that my hashed login was wrong, so after some debugging I found a 0 (zero) was missing in the first MD5. So the MD5 function was WRONG:(
As a test, I created a program that creates random passwords and create the MD5 of it with the functions I found on different sites (found by using google).
Both MySQL and php’s MD5 function has a hex notation, clearly not all MD5-functions found are hex notated, this is not a must, but off course needed for being compatible with php/MySQL.
In the next image you can see the standard behavior of the MD5-function found.
Most of them looks okay, but notice that the one from bombaydigital uses upper-case hex notation, and by using it for another round with MD5 it will go wrong.
The one found on Stockoverflow clearly doesn’t use hex-notation. And the one from Spiration, lost a 0 (zero).
With double MD5 you see the differences even faster, like shown in the next image:
The first marked line, you see that Spiration’s MD5 is wrong, in the second marked line, you see Spirition’s MD5 is ok. So it’s not reliable.
In the first and second marked lines you can see that dzone’s MD5 is ok, but the third and fourth are wrong. Also, not reliable.
As noted by single MD5, StockOverflow is not hex and bombaydigital is upper-case, so both functions aren’t giving me the expected output.
The right solution
This leaves us with the one from twmacinta, clearly it’s working, but in code, I needed 779 lines (including comment)
But it’s not really worth if it can be done in nearly 10 lines of code.
So don’t just copy/paste everything you find by using google. Other sites (just like me) can be wrong, yes, we are also just people.