toString() method of java.security.MessageDigest

[Nicholas Jordan]

I'm coding some stuff I will have to live, I just got this to compile:

Code:

String mad_dog = new java.lang.String(DIGEST_INPUT_STREAM.getMessageDigest().toString());

with the intent of something resembling Jesse Kornblum's md5-Deep. What I need to know is if this Message Digest to String looks like the Message Digest's we see for other work - i.e. colon separated string values looking to be something on the order of Character 0-9

[masijade]

I'm sorry, I know you don't want to hear this, and I don't want to intentionally upset you, nor do I want to get into a long discussion about it, but "Why don't you try it?"

Write a small test program that digests a few Strings and prints their digests, then do the same in some other language (or with some other tool) where you are familiar with it, and see if they match.

[Nicholas Jordan]

Far from upsetting me, this is master work and I recognize it. The issue here is well known in the crypto stuff I have been able to find: When there are bucks or value on the line, no detail is too small - no concievable issue undeserving of examination. This is real and will go live tomorrow.

I intend to do preliminary testing today, the point of posting is that I have no other language in which I can do cross-testing, it may be that assistance in finding the rfc's for the matter - that is actually my goal in posting. Search engines are great but areas of specialization are often not brought to professional grade by certified workers.

What I did there was get to a clean compile after having coded some 300-400 lines of rather convoluted effort that is not finished, I put that up as the last thing hoping to find some good links. I need something that will stand up to counter-claim by baccalaureate cs, therefore it is needful that I ask.

[masijade]

Well, I'm sorry, I can't tell you too much about it. I do know that Sun's cryto classes at least live up to the RFC standards (and are, in fact, in use by the military, I can't quote sources on that, however). As far as whether or not it is better or worse than md5-deep, I can't say. Sorry, again.

As far as the RFC goes, in case you couldn't find it, here is one RFC 1321 (rfc1321) - The MD5 Message-Digest Algorithm.

[Nicholas Jordan]

Quote:

Originally Posted by masijade

Well, I'm sorry, I can't tell you too much about it. I do know that Sun's cryto classes at least live up to the RFC standards (and are, in fact, in use by the military, I can't quote sources on that, however).

Yes

Quote:

Originally Posted by masijade

As far as whether or not it is better or worse than md5-deep, I can't say.

Uh,.... I spent an hour or two reading several RFC's, did not find official spec for Digest.toString() generally ~ MD-5, HMAC and whatever I could find. Worked on getting my code and ended up writing a stand-alone for a test stubb, md5-deep is just getting hashes for a directory to tracer whether there have been any changes. As for Military Grade Encryption, there is no such thing ~ if is was actual military we wouldn't be talking about it in open fora. I take Generic Midsize Corporation as my threat model for this.

I setteled on

Code:

String algorithm = new java.lang.String("HmacSHA256");

for no paticular reason, any actual hashing would do for what I need today, even student level work.