Results 1 to 5 of 5
  1. #1
    Nicholas Jordan's Avatar
    Nicholas Jordan is offline Senior Member
    Join Date
    Jun 2008
    Location
    Southwest
    Posts
    1,018
    Rep Power
    8

    Question toString() method of java.security.MessageDigest

    I'm coding some stuff I will have to live, I just got this to compile:
    Java Code:
    String mad_dog = new java.lang.String(DIGEST_INPUT_STREAM.getMessageDigest().toString());
    with the intent of something resembling Jesse Kornblum's md5-Deep. What I need to know is if this Message Digest to String looks like the Message Digest's we see for other work - i.e. colon separated string values looking to be something on the order of Character 0-9
    Introduction to Programming Using Java.
    Cybercartography: A new theoretical construct proposed by D.R. Fraser Taylor

  2. #2
    masijade is offline Senior Member
    Join Date
    Jun 2008
    Posts
    2,571
    Rep Power
    9

    Default

    I'm sorry, I know you don't want to hear this, and I don't want to intentionally upset you, nor do I want to get into a long discussion about it, but "Why don't you try it?"

    Write a small test program that digests a few Strings and prints their digests, then do the same in some other language (or with some other tool) where you are familiar with it, and see if they match.

  3. #3
    Nicholas Jordan's Avatar
    Nicholas Jordan is offline Senior Member
    Join Date
    Jun 2008
    Location
    Southwest
    Posts
    1,018
    Rep Power
    8

    Smile I do want to hear this ( ! )

    Far from upsetting me, this is master work and I recognize it. The issue here is well known in the crypto stuff I have been able to find: When there are bucks or value on the line, no detail is too small - no concievable issue undeserving of examination. This is real and will go live tomorrow.

    I intend to do preliminary testing today, the point of posting is that I have no other language in which I can do cross-testing, it may be that assistance in finding the rfc's for the matter - that is actually my goal in posting. Search engines are great but areas of specialization are often not brought to professional grade by certified workers.

    What I did there was get to a clean compile after having coded some 300-400 lines of rather convoluted effort that is not finished, I put that up as the last thing hoping to find some good links. I need something that will stand up to counter-claim by baccalaureate cs, therefore it is needful that I ask.
    Introduction to Programming Using Java.
    Cybercartography: A new theoretical construct proposed by D.R. Fraser Taylor

  4. #4
    masijade is offline Senior Member
    Join Date
    Jun 2008
    Posts
    2,571
    Rep Power
    9

    Default

    Well, I'm sorry, I can't tell you too much about it. I do know that Sun's cryto classes at least live up to the RFC standards (and are, in fact, in use by the military, I can't quote sources on that, however). As far as whether or not it is better or worse than md5-deep, I can't say. Sorry, again.

    As far as the RFC goes, in case you couldn't find it, here is one RFC 1321 (rfc1321) - The MD5 Message-Digest Algorithm.

  5. #5
    Nicholas Jordan's Avatar
    Nicholas Jordan is offline Senior Member
    Join Date
    Jun 2008
    Location
    Southwest
    Posts
    1,018
    Rep Power
    8

    Smile no progress

    Quote Originally Posted by masijade View Post
    Well, I'm sorry, I can't tell you too much about it. I do know that Sun's cryto classes at least live up to the RFC standards (and are, in fact, in use by the military, I can't quote sources on that, however).
    Yes
    Quote Originally Posted by masijade View Post
    As far as whether or not it is better or worse than md5-deep, I can't say.
    Uh,.... I spent an hour or two reading several RFC's, did not find official spec for Digest.toString() generally ~ MD-5, HMAC and whatever I could find. Worked on getting my code and ended up writing a stand-alone for a test stubb, md5-deep is just getting hashes for a directory to tracer whether there have been any changes. As for Military Grade Encryption, there is no such thing ~ if is was actual military we wouldn't be talking about it in open fora. I take Generic Midsize Corporation as my threat model for this.

    I setteled on
    Java Code:
    String algorithm = new java.lang.String("HmacSHA256");
    for no paticular reason, any actual hashing would do for what I need today, even student level work.
    Introduction to Programming Using Java.
    Cybercartography: A new theoretical construct proposed by D.R. Fraser Taylor

Similar Threads

  1. Java Security Warning
    By Neil in forum New To Java
    Replies: 3
    Last Post: 09-01-2008, 04:15 PM
  2. Java security
    By Zosden in forum Java Applets
    Replies: 43
    Last Post: 08-02-2008, 02:10 PM
  3. toString method
    By apfroggy0408 in forum New To Java
    Replies: 6
    Last Post: 01-31-2008, 04:08 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •