Need help with MD5 hashs

Hi guys !

I need some help with a little problem I have with MD5 hashs.

I need to be able to convert existing MD5 hexdigests to raw digests. Is
this possible?

I’ll explain.

If I do : Digest::MD5.digest(‘password’), I get a raw MD5 digest. Right.

Then if I do : Digest::MD5.digest(‘password’).unpack(“H*”)[0], then I
get the same output that if I did Digest::MD5.hexdigest(‘password’).

But how can I do the opposite in ruby? How can I go from an existing
hexdigested MD5 string to the raw form?

I’m writing a program that needs to get hexdigested MD5 passwords
strings from a database and need to be able to use these passwords as
LDAP passwords.

In LDAP, the MD5 passwords that are created by slappasswd are raw MD5s
that are then base64 encoded.

So in ruby if I do : Base.encode64(Digest::MD5.digest(‘password’)), I
get the exact same string as with slappasswd.

But since I already have the hexdigested passwords, it would save me and
my users the burden of changing their passwords after the migration.

Thanx!

I hope I’m clear enough.

Jonathan

Then if I do : Digest::MD5.digest(‘password’).unpack(“H*”)[0], then I
get the same output that if I did Digest::MD5.hexdigest(‘password’).

But how can I do the opposite in ruby? How can I go from an existing
hexdigested MD5 string to the raw form?

Hi,

the inverse operation of String#unpack is Array#pack. So all you need
to do is wrap your hex String in an Array first:

bytes = [hex].pack(“H*”)

Regards,
Martin

PS: As far as I remember, Digest also implements #hexdigest, at least
OpenSSL::Digest does. This would save you some typing for the first
case :slight_smile:

WOW !

SO simple !

Thanx a million !

Jonathan

WOW !

Son simple !

Thanx a million !

Jonathan

You’re welcome!

As an advice, it seems like your password storage scheme relies on
MD5-hashed passwords with no salt? If so, you should probably consider
to go for something more sophisticated since you are in a transition
phase
now anyway. MD5 with no password is almost trivial to break these days.
If you don’t believe me, google for ‘48bb6e862e54f2a795ffc4e541caed4d’.
See, you recovered a password in mere seconds :wink:
For something more secure, you could have a look at PBKDF2 as described
in
http://www.ruby-doc.org/stdlib-2.0/libdoc/openssl/rdoc/OpenSSL/PKCS5.html
or use https://github.com/codahale/bcrypt-ruby if you have no OpenSSL
available on your system.

Regards,
Martin

Hi Jonathan

I’m trying to connect to our LDAP with net/LDAP, but I get a credentials
error and the IT departement asked me to use DIgest md5. It seems as if
you were able to connect to yours through digest md5… mind sharing
your code?

Thanks!
Tobias

Jonathan-Marc Lapointe wrote in post #1053361:

Hi guys !

I need some help with a little problem I have with MD5 hashs.

I need to be able to convert existing MD5 hexdigests to raw digests. Is
this possible?

I’ll explain.

If I do : Digest::MD5.digest(‘password’), I get a raw MD5 digest. Right.

Then if I do : Digest::MD5.digest(‘password’).unpack(“H*”)[0], then I
get the same output that if I did Digest::MD5.hexdigest(‘password’).

But how can I do the opposite in ruby? How can I go from an existing
hexdigested MD5 string to the raw form?

I’m writing a program that needs to get hexdigested MD5 passwords
strings from a database and need to be able to use these passwords as
LDAP passwords.

In LDAP, the MD5 passwords that are created by slappasswd are raw MD5s
that are then base64 encoded.

So in ruby if I do : Base.encode64(Digest::MD5.digest(‘password’)), I
get the exact same string as with slappasswd.

But since I already have the hexdigested passwords, it would save me and
my users the burden of changing their passwords after the migration.

Thanx!

I hope I’m clear enough.

Jonathan

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs