Sunday, April 1, 2012

Your MD5 is wrong

This is an annoying display of ignorance on the part of many people at certain conferences. They will enter a contest, and oftentimes the answer must be submitted in the form of an MD5 hash. So they will solve the puzzle, and the secret key that gives them points will be "kittens". They need the MD5 of the string "kittens", so they run the following:

echo 'kittens' | md5sum
f261adc7c891836ecc58c62fb80c6e34

They submit that hash to the scoring engine and it says INCORRECT, TRY AGAIN. "Well wtf... let's check our answer again." *1 minute later* "Yeah, it's definitely right, their scoring engine must be broken or something."

I've heard that muttered all too often at contests and it makes me cringe. Here is what went wrong: the scoring engine is working perfectly fine, you just don't understand how echo works. It helps if we look at things with our hexray vision.

echo 'kittens' | xxd -p
6b697474656e730a

You see that? What's that last character? '0a' - if you look up what '0a' means in the ASCII table (man ascii), you will see that it represents the newline. echo, BY DEFAULT, appends a newline to whatever string you wrote. That, folks, is what fucked up your hash.

echo -n 'kittens' | xxd -p
6b697474656e73

Now the 0a is gone. Now pipe your new echo command into md5sum and you have the correct hash the scoring engine was expecting.

You could avoid the whole issue if you used printf instead of echo. To visualize this:


printf kittens | md5sum
84169a8d5b3289e8ece00d7735081b53  -

echo kittens | md5sum
f261adc7c891836ecc58c62fb80c6e34  -

echo -n kittens | md5sum
84169a8d5b3289e8ece00d7735081b53  -

Just an FYI: apparently the BSD version of 'md5' has a -s option for a string argument that does it all in one go:


md5 -s kittens
MD5 ("kittens") = 84169a8d5b3289e8ece00d7735081b53
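
To check which byte sequence a given hash actually came from, here is a small helper script, added as an example and not part of the original post. The function names are made up for illustration, it uses POSIX od in place of xxd, and it assumes either md5sum or the BSD md5 (with its -q quiet flag) is installed.

```shell
#!/bin/sh
# Added example: diagnose "my MD5 is wrong" caused by trailing line endings.
# Function names are hypothetical helpers, not from any existing tool.

# hex_bytes: hex dump of stdin as a single lowercase string.
hex_bytes() {
    od -An -v -tx1 | tr -d ' \n'
}

# md5_of_stdin: print only the hex digest of the bytes arriving on stdin.
md5_of_stdin() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum | cut -d' ' -f1      # drop the "  -" filename column
    else
        md5 -q                      # BSD/macOS md5, quiet mode (assumed present)
    fi
}

# md5_exact STRING: hash exactly the bytes of STRING, nothing appended.
# '%s' keeps printf from interpreting '%' or '\' inside STRING.
md5_exact() {
    printf '%s' "$1" | md5_of_stdin
}

# explain_hash STRING HASH: say which variant of STRING produced HASH.
# Prints one of: exact, trailing-lf, trailing-crlf, no-match
explain_hash() {
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')   # accept uppercase hex too
    if [ "$(md5_exact "$1")" = "$want" ]; then
        echo exact
    elif [ "$(printf '%s\n' "$1" | md5_of_stdin)" = "$want" ]; then
        echo trailing-lf            # what plain `echo` produces
    elif [ "$(printf '%s\r\n' "$1" | md5_of_stdin)" = "$want" ]; then
        echo trailing-crlf          # e.g. answer saved in a Windows editor
    else
        echo no-match
    fi
}

# Demo with the string from the post: hash what plain echo emits, then classify it.
explain_hash kittens "$(echo kittens | md5_of_stdin)"
```

Run explain_hash with your answer and the hash you were about to submit; anything other than "exact" means extra bytes went into the digest.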