Click here to Skip to main content
Click here to Skip to main content

CMD5: A C++ Message Digest 5 Class

, 9 Jan 2001
Rate this:
Please Sign up or sign in to vote.
This C++ class serves as a wrapper for the Message Digest 5 code described in the Internet RFC 1321.

Introduction

There has been some recent discussion here concerning how to save password information. In general, it is a Very Bad Idea(tm) to just store a password in an application, data file, INI file, registry, or anywhere but in volatile memory.

A better idea than trying to save a password is to save a "cryptological hash" of the password. Cryptographers call this type of hash a "digest". A digest function in this context is just a function that takes a block of text (called "the plaintext") and computes a checksum type number for that block. Cryptological digests have the properties that,

  • It is highly unlikely that different input text will produce the same digest.
  • It is very, very difficult if not totally impossible to get from the digest back to the input plaintext.

Programmers wishing to secure their password data can immediately compute the digest of the password, and then save that. When the user is prompted for a password, the digest of the input password candidate is computed, and this digest is compared against the stored digest. If they are equal, then the user has entered the correct password. Note that the programmer can post the stored hash value on a public web page or a billboard on the highway, and the security of his product is not compromised. He or she has no worries about someone with a hex editor digging out passwords.

Digests may also be used to verify that a message has been transmitted correctly, in a manner similar to cyclic redundancy checks.

A proven digest algorithm is "Message Digest Five" by Ron Rivest (Ron is the ‘R’ in RSA). It is described in Internet RFC 1321, "The MD5 Message-Digest Algorithm". A google search will provide hundreds of links to this RFC, I used the one I found here. This RFC includes a K&R style ‘C’ implementation of the MD5 algorithm. This implementation is a bit awkward to use, so I’ve wrapped it in a simple generic C++ class.  The class is called CMD5. It has only four interesting members:

CMD5();    //default ctor

CMD5(const char* plainText);  //set plaintext in ctor

void setPlainText(const char* plainText);
    // set plaintext with a mutator, it's ok to 
    // to call this multiple times, the digest is 
    // recalculated after each call.
                                           
const char* getMD5Digest();
    // access message digest (aka hash), return 0 if
    // plaintext has not been set

To use the class, just set the plain text either in the constructor or with the setPlainText member. The class calls a very slightly modified version of the RFC 1321 code to compute the digest, which is immediately available by calling getMD5Digest.

Here is some pseudo code showing how to use this class:

cout >> "Enter password:"; 
cin >> strUserEnteredPassword;
CMD5 md5((const char*)strUserEnteredPassword));
if(strcmp(md5.getMD5Digest(), 
  (const char*)m_PreviouslyStoredDigestOfTheActualPassword)==0)
{ 
    //password is valid
} 
else
{   
    //user entered incorrect password
}

To use the class, you need these files:

  • md5class.h and md5class.cpp - The CMD5 C++ code.
  • global.h, MD5.h, md5.c - Slightly modified versions of the RFC 1321 code.

These files are generic C++. The zip file includes a Win32 console app project that includes a main.cpp file. This little program runs the verification examples provided in the RFC. I use STL in this demo, but not in the class itself.

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here

Share

About the Author

Jim Howard
Web Developer
United States United States
just another c++ developer, except that im really
old, almost 51!

Comments and Discussions

 
QuestionPotential flaw Pinmember-dZb-13-Sep-11 11:08 
QuestionRestore the password how I can do? PinmemberJasonShen11122-Mar-06 20:05 
AnswerRe: Restore the password how I can do? PinmemberJim Howard23-Mar-06 4:29 
General[Small Tip] To reuse CMD5 in your MFC/eVC++4 project PinmemberJae Hyoung Kim18-Sep-05 11:59 
GeneralRe: [Small Tip] To reuse CMD5 in your MFC/eVC++4 project Pinmemberfreaky_flow4-Oct-07 2:56 
General[solved]Re: [Small Tip] To reuse CMD5 in your MFC/eVC++4 project Pinmemberfreaky_flow4-Oct-07 3:56 
Generalsmaller tip PinmemberDrJohnAir12-Mar-08 18:40 
GeneralMD5 broken... PinsussAnonymous16-Feb-05 7:47 
QuestionUnicode? Pinmemberblongtq1-Mar-04 23:11 
AnswerRe: Unicode? Pinmemberjeffreyz8-Feb-05 14:49 
yes, the posted control does not support unicode. i made the following change to get it to run on a pocketpc. basically, he home-brewed memset and memcpy and they do not support unicode strings.
 
in md5c.cpp, MD5Update function, i replaced:
 
//MD5_memcpy(((POINTER)&context->buffer[index], (POINTER)input, partLen);
memcpy(&context->buffer[index], input, partLen * sizeof(TCHAR));
-and-
 
/* Buffer remaining input */
//MD5_memcpy((POINTER)&context->buffer[index], (POINTER)&input[i], inputLen-i);
memcpy(&context->buffer[index], &input[i], (inputLen - i) * sizeof(TCHAR));
 
it seems to work well now.
hth
jeff zamora

GeneralRe: Unicode? PinmemberTonde7-Sep-05 8:50 
Generalclarification - very urgent PinmemberNareshsiva26-Jan-04 1:19 
GeneralRe: I'm Using C++ Builder 6.0 Pinmemberbobsuk20-Nov-06 1:30 
GeneralBug! PinsussThe Coder2-Mar-03 11:22 
GeneralRe: Bug! PinmemberJim Howard2-Mar-03 16:26 
GeneralJust a little bit more secure PinsussDaywalker21-Oct-02 23:26 
GeneralCompatibility PinmemberHugo Hallman9-Oct-02 22:43 
GeneralRe: Compatibility PinsussAnonymous10-Oct-02 2:43 
GeneralToo many critics ! PinmemberStanislav Panasik2-Oct-02 2:05 
GeneralRe: Too many critics ! Pinmemberminetti30-Nov-02 13:27 
GeneralWeird !! PinsussAnonymous21-Aug-02 9:57 
GeneralRe: Weird !! PinmemberJim Howard23-Sep-02 4:01 
Generalpassword storage Pinmemberbarmak19-Jul-02 18:29 
GeneralRe: password storage PinmemberJim Howard20-Jul-02 5:41 
GeneralRe: password storage PinmemberJason Hooper20-Jul-02 9:34 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

| Advertise | Privacy | Mobile
Web03 | 2.8.140827.1 | Last Updated 10 Jan 2001
Article Copyright 2001 by Jim Howard
Everything else Copyright © CodeProject, 1999-2014
Terms of Service
Layout: fixed | fluid