MD5 is a one-way hash algorithm. It is not possible to reverse the digest back to the original string.
A typical use case is verifying a user name and password, provided both the client and the server know them.
A simple digest-based authentication takes the form below (RFC 2067):
HA1 = MD5(username:realm:password)
HA2 = MD5(method:digestURI)
response = MD5(HA1:nonce:HA2)
For example, say the user name is "user1", the password is "pass1" and the realm is example.com.
HA1 will be MD5(user1:example.com:pass1):
14f4a22e8a3c41f0a88822ce8b64e23a
Suppose the client is trying to access this resource:
GET /dir/index.html HTTP/1.0
Host: localhost
HA2 will be MD5(GET:/dir/index.html):
39aff3a2bab6126f332b942af96d3366
Now assume the nonce sent by the server in the WWW-Authenticate header is dcd98b7102dd2f0e8b11d0f600bfb0c093.
The response is then computed as:
response = MD5(14f4a22e8a3c41f0a88822ce8b64e23a:dcd98b7102dd2f0e8b11d0f600bfb0c093:39aff3a2bab6126f332b942af96d3366)
71def13957000653830c2054c39dc7fd
The MD5 can be generated using the code below.
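import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
// Returns the MD5 digest of inputStr as a lowercase hex string.
static String md5Hex(String inputStr) throws NoSuchAlgorithmException {
    MessageDigest md = MessageDigest.getInstance("MD5");
    md.update(inputStr.getBytes(StandardCharsets.UTF_8)); // explicit charset, not the platform default
    byte[] byteData = md.digest();
    StringBuilder sb = new StringBuilder();
    for (int i = 0; i < byteData.length; i++)
        // adding 0x100 keeps the leading zero of small bytes; substring(1) drops the extra digit
        sb.append(Integer.toString((byteData[i] & 0xff) + 0x100, 16).substring(1));
    return sb.toString();
}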
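The exchange above from both sides, as an added example that is not part of the original post: the client builds the response from the password, and the server checks it using only a stored HA1 and the nonce it issued. The class name DigestCheck, the method names and the "constructed-fresh-nonce" value are assumptions made for this illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class DigestCheck {
    // Lowercase hex MD5 of s.
    static String md5Hex(String s) throws NoSuchAlgorithmException {
        byte[] d = MessageDigest.getInstance("MD5").digest(s.getBytes(StandardCharsets.UTF_8));
        StringBuilder sb = new StringBuilder();
        for (byte b : d) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    // Client side: response = MD5(HA1:nonce:HA2), with HA1 and HA2 as defined above.
    static String clientResponse(String user, String realm, String password,
                                 String method, String uri, String nonce)
            throws NoSuchAlgorithmException {
        String ha1 = md5Hex(user + ":" + realm + ":" + password);
        String ha2 = md5Hex(method + ":" + uri);
        return md5Hex(ha1 + ":" + nonce + ":" + ha2);
    }

    // Server side: needs only the stored HA1, the nonce it issued and the request line.
    static boolean serverVerify(String storedHa1, String issuedNonce, String method,
                                String uri, String received) throws NoSuchAlgorithmException {
        String expected = md5Hex(storedHa1 + ":" + issuedNonce + ":" + md5Hex(method + ":" + uri));
        // MessageDigest.isEqual compares in constant time, so timing does not reveal a partial match.
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.US_ASCII),
                                     received.getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        String nonce = "dcd98b7102dd2f0e8b11d0f600bfb0c093"; // nonce used in the post
        String stored = md5Hex("user1:example.com:pass1");   // what the server keeps on file
        String uri = "/dir/index.html";
        String good = clientResponse("user1", "example.com", "pass1", "GET", uri, nonce);
        String bad = clientResponse("user1", "example.com", "wrong", "GET", uri, nonce);
        System.out.println("correct password:  " + serverVerify(stored, nonce, "GET", uri, good));
        System.out.println("wrong password:    " + serverVerify(stored, nonce, "GET", uri, bad));
        // A response captured for one nonce no longer verifies once the server issues a new nonce.
        System.out.println("replay, new nonce: "
                + serverVerify(stored, "constructed-fresh-nonce", "GET", uri, good));
    }
}
```

Because the server verifies with HA1 alone, the stored HA1 values need the same protection as the passwords themselves.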