3

when using oracle forms to generate md5 hash, i get result that is different from the result given by tomcat.

when using tomcat digest, i get:

C:\apache-tomcat-6.0.26\bin>digest -a md5 mypass
mypass:a029d0df84eb5549c641e04a9ef389e5

while using oracle forms, i get:

a029d0dfbfeb5549c641e04abff3bfe5

this is the code:

Declare
    v_checksum varchar2( 32 );
    v_hex_value varchar2( 32 );
begin
    v_checksum := SYS.DBMS_OBFUSCATION_TOOLKIT.MD5( input_string => 'mypass' );


    SELECT  LOWER( RAWTOHEX( v_checksum ) ) 
    INTO    v_hex_value
    FROM    dual;

    :res := v_hex_value;
end;

why aren't they giving the same result ? is there something wrong with my code ?

mohamida
  • 804
  • 2
  • 11
  • 25
  • FWIW my test in C# agrees with tomcat. To highlight the difference, Oracle has substituted three bytes (0x84, 9e, 89) with the same value (0xbf). At first glance there are no other bytes in your hash in the 0x80-0x9f range. – Rup Aug 26 '10 at 11:29
  • Is there anyway you can trace out `v_checksum`? If that's wrong then the problem is in the MD5 call but it'd be worth making sure the error was triggered by one of the conversion steps somehow. – Rup Aug 26 '10 at 11:39

2 Answers2

2

which version of Oracle are you running ? Your code gives the good answer on 10.2.0.3.0:

SQL> VARIABLE res VARCHAR2(32);
SQL> Declare
  2      v_checksum varchar2( 32 );
  3      v_hex_value varchar2( 32 );
  4  begin
  5      v_checksum:=SYS.DBMS_OBFUSCATION_TOOLKIT.MD5(input_string=>'mypass');
  6  
  7  
  8      SELECT  LOWER( RAWTOHEX( v_checksum ) )
  9      INTO    v_hex_value
 10      FROM    dual;
 11  
 12      :res := v_hex_value;
 13  end;
 14  /

PL/SQL procedure successfully completed
res
---------
a029d0df84eb5549c641e04a9ef389e5

Also I tried the other MD5 functions and they give the same answer:

SQL> DECLARE
  2     l_input RAW(16) := utl_raw.cast_to_raw('mypass');
  3  BEGIN
  4     :res:=lower(rawtohex(dbms_obfuscation_toolkit.md5(input=>l_input)));
  5  END;
  6  /

PL/SQL procedure successfully completed
res
---------
a029d0df84eb5549c641e04a9ef389e5
Vincent Malgrat
  • 66,725
  • 9
  • 119
  • 171
  • your second method worked fine for me. i'm using oracle 10.2.0.1.0. i don't know why i'm having such differences between the 2 methods !! – mohamida Aug 26 '10 at 12:22
  • 3
    @mohamida: you're applying the `rawtohex` function to a string (VARCHAR2), I'm not sure this is the appropriate usage (it should be applied to a RAW) -- maybe this is why you're seeing a difference. – Vincent Malgrat Aug 26 '10 at 12:27
0

Your code seems correct

I also get a029d0df84eb5549c641e04a9ef389e5 here http://md5hashgenerator.com/index.php

and also in sql server I get the same

SELECT CONVERT(VARCHAR(32),HashBytes('MD5', 'mypass'),2)
SQLMenace
  • 132,095
  • 25
  • 206
  • 225