convert password encryption from java to php

Question

I\'m trying to create a PHP version of an existing JSP program, however I\'m stuck at the password encryption part.

Could you please tell me how to convert this one?

Answer 1

Iraklis should be right. md5() gives you a hex-encoded output string by default. You only get the unencoded bytes like in Java by passing in TRUE for the optional $raw_output argument.

the lengths range from 29 to 32

Then your Java code has a bug. MD5 hashes are always 128 bits (32 hex digits). Here it is:

hexString.append( Integer.toHexString(0xFF & message[ i ] ) );

this will generate 1 instead of 01 for all bytes below 16. What you have stored is a mangled hash, from which you cannot recover the original MD5 value. If you absolutely must keep this broken data, you will have to reproduce the bug in PHP:

function makeBrokenMD5($s) {
    $hash= md5($s, TRUE);
    $bytes= preg_split('//', $hash, -1, PREG_SPLIT_NO_EMPTY);
    $broken= '';
    foreach ($bytes as $byte)
        $broken.= dechex(ord($byte));
    return $broken;
}

Answer 2

It converts the MD5 hash to a string hexadecimal numbers of the least significan byte of the character. In Java all chars are 2 bytes.

In practice this means just the ASCII value.

Answer 3

<?php
$password = "MyPass";
$hash = md5($password);
?>

UPDATE: There are some discrepancies between the two versions. To fix this see @bobince answer.Here is the test code:

Java

package tests;

import java.security.MessageDigest;

/**
 * Created by IntelliJ IDEA.
 * User: Iraklis
 * Date: 2 Ιουν 2010
 * Time: 2:15:03 μμ
 * To change this template use File | Settings | File Templates.
 */
public class Md5Test {
    public static String encryptPassword(String password) {
        String encrypted = "";
        try {
            MessageDigest digest = MessageDigest.getInstance("MD5");
            byte[] passwordBytes = password.getBytes();

            digest.reset();
            digest.update(passwordBytes);
            byte[] message = digest.digest();

            StringBuffer hexString = new StringBuffer();
            for (int i = 0; i < message.length; i++) {
                hexString.append(Integer.toHexString(
                        0xFF & message[i]));
            }
            encrypted = hexString.toString();
        }
        catch (Exception e) {
        }
        return encrypted;
    }

    public static void main(String[] args) {
        System.out.println("Pass1 md5 = " + encryptPassword("Test123FORXTREMEpass"));
        System.out.println("Pass1 md5 = " + encryptPassword("Ijdsaoijds"));
        System.out.println("Pass1 md5 = " + encryptPassword("a"));
        System.out.println("Pass1 md5 = " + encryptPassword(" "));
    }

}


Output:
Pass1 md5 = dc3a7b42a97a3598105936ef22ad2c1
Pass1 md5 = df7ca542bdbf7c4b8776cb21c45e7eef
Pass1 md5 = cc175b9c0f1b6a831c399e269772661
Pass1 md5 = 7215ee9c7d9dc229d2921a40e899ec5f

PHP

<?php
echo "Pass1 md5 = ".md5("Test123FORXTREMEpass")."<BR>";
echo "Pass2 md5 = ".md5("Ijdsaoijds")."<BR>";
echo "Pass3 md5 = ".md5("a")."<BR>";
echo "Pass4 md5 = ".md5(" ")."<BR>";
?>

output:

Pass1 md5 = dc3a7b42a97a35981059036ef22ad2c1
Pass2 md5 = df7ca542bdbf7c4b8776cb21c45e7eef
Pass3 md5 = 0cc175b9c0f1b6a831c399e269772661
Pass4 md5 = 7215ee9c7d9dc229d2921a40e899ec5f

Answer 4

To get the same results in both java and php I used this.

Java(make sure to call the method inside a "try" block):

public static String getHash(String pass) throws Exception
{
    MessageDigest md=MessageDigest.getInstance("MD5");
    md.update(pass.getBytes(),0,pass.length());
    return new BigInteger(1,md.digest()).toString(16);
}

PHP:

<?php
echo md5(pass);
?>

Hope this helps

Edit: If the java variant returns 31 characters, adds a "0" in front of the string to match the php hash which returns 32 characters.