Hi there,
I've noticed that a lot of my Google searches took me here so i thought perhaps i could borrow your apt minds :)
I'm working on a One Time Password generator for a mobile device (as well as website to log in to) as part of my third year degree dissertation.
Using the org.bouncycastle.crypto.digests.MD5Digest library i am taking a byte array (from a string user input) then hashing it X number of times. This is also known as daisy chaining hash strings or lamports method of encryption.
My issue is that if the string is hashed once then it correctly hashes it, however if the new hash is hashed again the outcome is incorrect.
See code below:
private String generateHash(String OTP, int loopNum)
{
byte[] secretBytes = OTP.getBytes();
for (int x = 0; x < loopNum; x++)
{
byte[] tempStore = new byte[16];
tempStore = hash(secretBytes);
secretBytes = tempStore;
}
return convertToHex(secretBytes);
}
public byte[] hash(byte[] secretBytes)
{
org.bouncycastle.crypto.digests.MD5Digest digest = new org.bouncycastle.crypto.digests.MD5Digest();
digest.reset();
// Update MD5 digest with user secret in byte format
digest.update(secretBytes, 0, secretBytes.length);
// get length of digest to initialise new md5 byte array
int length = digest.getDigestSize();
// create md5 byte array using length
byte[] md5 = new byte[length];
// calculate MD5 hash, using md5 byte array, 0 for buffer offset
digest.doFinal(md5, 0);
return md5;
}
private static String convertToHex(byte[] data) {
StringBuffer buf = new StringBuffer();
String Hex;
String formattedHex;
for (int i = 0; i < data.length; i++) {
int halfbyte = (data[i] >>> 4) & 0x0F;
int two_halfs = 0;
do {
if ((0 <= halfbyte) && (halfbyte <= 9))
buf.append((char) ('0' +halfbyte));+
+ else+
+ buf.append((char) ('a'+ (halfbyte - 10)));
halfbyte = data[i] & 0x0F;
} while(two_halfs++ < 1);
}
Hex = buf.toString();
formattedHex = "\n" +Hex.substring(0, 4)+ " " +Hex.substring(4, 8)+ " " +Hex.substring(8, 12)+ " " +Hex.substring(12, 16)+ " " +Hex.substring(16, 20)+ " " +Hex.substring(20, 24)+ " " +Hex.substring(24, 28)+ " " + Hex.substring(28, 32);
return formattedHex;
}
I think it is either;
- The digest does not return a correct byte array
- The Hex converter incorrectly converts this
Im testing using the secret of: A which has the following MD5 Outputs:
- 7fc56270e7a70fa81a5935b72eacbe29
- 8f28f2e7231860115d2a8cacba019dbe (this should be 4cbd6d53280de25e04712c7434a70642)
Many thanks for your help in advance :)
p.s. I'm checking it against a PHP md5 could this also be an issue?