MD5 and SHA1 hashes on PHP and JBoss AS

So, a hash is a hash, and all you need to do to compare them is comparing strings right?

Well, while that might be true for PHP version of the hashes, the MessageDigest class in the java security package hashes bytes into other bytes, not strings into other strings or bytes into strings. In order to obtain a string representation of the hash, you need to convert it to a string, be it representing bytes as hex strings (i.e. ff for 255), or converting it through other algorythms such as Base64, which generate a smaller string.

PHP functions sha1() and md5() both convert strings into other strings, and nothing else. They also use hex (base16) conversion to create them.

I had a problem trying to get both PHP and Java to use the same hashes using the DatabaseServerLoginModule in JBoss AS, because by default it encodes hashes with base64 when comparing them to strings in the database, while PHP was doing it base16 (hex). In order to fix that, I had to add this:


Thought I’d share that.

Leave a Reply

Your email address will not be published. Required fields are marked *