3 Replies Latest reply on Mar 22, 2008 9:50 AM by foongkim

Pulling password from JBoss (JBP_USERS) directly

foongkim Mar 22, 2008 1:21 AM

Hi, i have this password, "d8578edf8458ce06fbc5bb76a58c5ca4" what do you think the hashing mechanism?

I have use this code to compare, but the differences are too much. Share me your view.

MessageDigest digest = java.security.MessageDigest.getInstance("MD5");
digest.update("qwerty".getBytes());
byte[] hash = digest.digest();
System.out.println(Base64Encoder.encode(hash));

and the base64 is from org.jboss.security.Base64Encoder and the output is 2FeO34RYzgb7xbt2pYxcpA==

1. Re: Pulling password from JBoss (JBP_USERS) directly

bdaw Mar 22, 2008 6:55 AM (in response to foongkim)

its hashAlgorithm - MD5 and hashEncoding - HEX
Actions
2. Re: Pulling password from JBoss (JBP_USERS) directly

bdaw Mar 22, 2008 7:58 AM (in response to foongkim)

Portal uses this to compare password:

http://anonsvn.jboss.org/repos/portal/modules/common/trunk/common/src/main/java/org/jboss/portal/common/util/Tools.java
Method md5AsHexString()
Actions
3. Re: Pulling password from JBoss (JBP_USERS) directly

foongkim Mar 22, 2008 9:50 AM (in response to foongkim)

bdaw, thanks.. it's solved.
private static String convertToHex(byte[] data)
{
StringBuffer buf = new StringBuffer();
for (int i = 0; i < data.length; i++)
{
int halfbyte = (data >>> 4) & 0x0F;
int two_halfs = 0;
do
{
if ((0 <= halfbyte) && (halfbyte <= 9))
buf.append((char) ('0' + halfbyte));
else
buf.append((char) ('a' + (halfbyte - 10)));
halfbyte = data & 0x0F;
}
while (two_halfs++ < 1);
}
return buf.toString();
}

public static String MD5(String text)
{
byte[] md5hash =null;
try {
MessageDigest md;
md = MessageDigest.getInstance("MD5");
md5hash = new byte[32];
md.update(text.getBytes("iso-8859-1"), 0, text.length());
md5hash = md.digest();
} catch (Exception e){
e.printStackTrace();
}
return convertToHex(md5hash);
}
Actions

Go to original post