|
From: | Johannes Brakensiek |
Subject: | Re: md5 hashing on GNUstep |
Date: | Wed, 01 Apr 2020 21:42:17 +0200 |
On 1 Apr 2020, at 20:36, Andreas Fink wrote:
Your approach might not give you the intended result if you have NSStrings containing Unicode characters which contains zero bytes. Your strlen() call would stop at that character and not go to the full length of a NSString. So a conversion to NSData and use its length would be better. For ASCII and Laltin1 it wouldnt make a difference though.so this would be better appraoch: NSData *d = [self dataUsingEncoding:NSUTF8StringEncoding]; unsigned char result[CC_MD5_DIGEST_LENGTH]; CC_MD5( d.bytes, (int)d.length, result );
One might add (you probably know) that MD5 is broken regarding cryptographic purposes.[1] For many use cases you should use something like SHA-2[2] or - if targeting passwords - hashing and salting[3] instead.
Johannes [1] https://en.wikipedia.org/wiki/MD5 [2] https://en.wikipedia.org/wiki/SHA-2 [3] https://download.libsodium.org/doc/password_hashing
[Prev in Thread] | Current Thread | [Next in Thread] |