discuss-gnustep
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: md5 hashing on GNUstep


From: Johannes Brakensiek
Subject: Re: md5 hashing on GNUstep
Date: Wed, 01 Apr 2020 21:42:17 +0200



On 1 Apr 2020, at 20:36, Andreas Fink wrote:

Your approach might not give you the intended result if you have NSStrings containing Unicode characters which contains zero bytes. Your strlen() call would stop at that character and not go to the full length of a NSString. So a conversion to NSData and use its length would be better. For ASCII and Laltin1 it wouldnt make a difference though.

so this would be better appraoch:

   NSData *d = [self dataUsingEncoding:NSUTF8StringEncoding];
   unsigned char result[CC_MD5_DIGEST_LENGTH];
   CC_MD5( d.bytes, (int)d.length, result );

One might add (you probably know) that MD5 is broken regarding cryptographic purposes.[1] For many use cases you should use something like SHA-2[2] or - if targeting passwords - hashing and salting[3] instead.

Johannes

[1] https://en.wikipedia.org/wiki/MD5
[2] https://en.wikipedia.org/wiki/SHA-2
[3] https://download.libsodium.org/doc/password_hashing



reply via email to

[Prev in Thread] Current Thread [Next in Thread]