Bug #27623 | leading 0 is stripped off md5sum for password | ||
---|---|---|---|
Submitted: | 3 Apr 2007 18:52 | Modified: | 13 Apr 2007 12:43 |
Reporter: | Matthew Lord | Email Updates: | |
Status: | Closed | Impact on me: | |
Category: | MySQL Enterprise Monitor: Server | Severity: | S2 (Serious) |
Version: | OS: | Any | |
Assigned to: | Darren Oldag | CPU Architecture: | Any |
Tags: | Merlin, password |
[3 Apr 2007 18:52]
Matthew Lord
[5 Apr 2007 17:08]
Jan Kneschke
The server code to turn a md5-hash into a string is using BigInteger().toString() which strips leading zeros: String md5Hash(String toHash) { final MessageDigest md5 = getMD5digestInstance(); final byte[] unhashed = toUTF8bytes(toHash); final byte[] hashed = md5.digest(unhashed); return new BigInteger(1, hashed).toString(16); } A sprintf fixes the problem: return String.format("%032x", new BigInteger(1, hashed));
[10 Apr 2007 13:25]
Darren Oldag
fixed in trunk. waiting for instruction to merge fix into 1.1.1 point release.
[13 Apr 2007 9:21]
Carsten Segieth
tested OK with 1.1.1.5099: mysql> select * from users; +---------+------------+----------------------------------+-----------+ | user_id | user_name | user_pass | role_name | +---------+------------+----------------------------------+-----------+ ... | 3 | tester | 09736a8436e10bf1991927f2ffc76c12 | dba | +---------+------------+----------------------------------+-----------+
[13 Apr 2007 12:43]
Peter Lavin
Added to changelog.