Click here to Skip to main content
11,565,623 members (47,886 online)
Click here to Skip to main content

CMD5: A C++ Message Digest 5 Class

, 9 Jan 2001 224.8K 3.8K 87
Rate this:
Please Sign up or sign in to vote.
This C++ class serves as a wrapper for the Message Digest 5 code described in the Internet RFC 1321.

Introduction

There has been some recent discussion here concerning how to save password information. In general, it is a Very Bad Idea(tm) to just store a password in an application, data file, INI file, registry, or anywhere but in volatile memory.

A better idea than trying to save a password is to save a "cryptological hash" of the password. Cryptographers call this type of hash a "digest". A digest function in this context is just a function that takes a block of text (called "the plaintext") and computes a checksum type number for that block. Cryptological digests have the properties that,

  • It is highly unlikely that different input text will produce the same digest.
  • It is very, very difficult if not totally impossible to get from the digest back to the input plaintext.

Programmers wishing to secure their password data can immediately compute the digest of the password, and then save that. When the user is prompted for a password, the digest of the input password candidate is computed, and this digest is compared against the stored digest. If they are equal, then the user has entered the correct password. Note that the programmer can post the stored hash value on a public web page or a billboard on the highway, and the security of his product is not compromised. He or she has no worries about someone with a hex editor digging out passwords.

Digests may also be used to verify that a message has been transmitted correctly, in a manner similar to cyclic redundancy checks.

A proven digest algorithm is "Message Digest Five" by Ron Rivest (Ron is the ‘R’ in RSA). It is described in Internet RFC 1321, "The MD5 Message-Digest Algorithm". A google search will provide hundreds of links to this RFC, I used the one I found here. This RFC includes a K&R style ‘C’ implementation of the MD5 algorithm. This implementation is a bit awkward to use, so I’ve wrapped it in a simple generic C++ class.  The class is called CMD5. It has only four interesting members:

CMD5();    //default ctor

CMD5(const char* plainText);  //set plaintext in ctor

void setPlainText(const char* plainText);
    // set plaintext with a mutator, it's ok to 
    // to call this multiple times, the digest is 
    // recalculated after each call.
                                           
const char* getMD5Digest();
    // access message digest (aka hash), return 0 if
    // plaintext has not been set

To use the class, just set the plain text either in the constructor or with the setPlainText member. The class calls a very slightly modified version of the RFC 1321 code to compute the digest, which is immediately available by calling getMD5Digest.

Here is some pseudo code showing how to use this class:

cout >> "Enter password:"; 
cin >> strUserEnteredPassword;
CMD5 md5((const char*)strUserEnteredPassword));
if(strcmp(md5.getMD5Digest(), 
  (const char*)m_PreviouslyStoredDigestOfTheActualPassword)==0)
{ 
    //password is valid
} 
else
{   
    //user entered incorrect password
}

To use the class, you need these files:

  • md5class.h and md5class.cpp - The CMD5 C++ code.
  • global.h, MD5.h, md5.c - Slightly modified versions of the RFC 1321 code.

These files are generic C++. The zip file includes a Win32 console app project that includes a main.cpp file. This little program runs the verification examples provided in the RFC. I use STL in this demo, but not in the class itself.

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here

Share

About the Author

Jim Howard
Web Developer
United States United States
just another c++ developer, except that im really
old, almost 51!

You may also be interested in...

Comments and Discussions

 
QuestionPotential flaw Pin
-dZb-13-Sep-11 11:08
member-dZb-13-Sep-11 11:08 
QuestionRestore the password how I can do? Pin
JasonShen11122-Mar-06 20:05
memberJasonShen11122-Mar-06 20:05 
AnswerRe: Restore the password how I can do? Pin
Jim Howard23-Mar-06 4:29
memberJim Howard23-Mar-06 4:29 
General[Small Tip] To reuse CMD5 in your MFC/eVC++4 project Pin
Jae Hyoung Kim18-Sep-05 11:59
memberJae Hyoung Kim18-Sep-05 11:59 
GeneralRe: [Small Tip] To reuse CMD5 in your MFC/eVC++4 project Pin
freaky_flow4-Oct-07 2:56
memberfreaky_flow4-Oct-07 2:56 
General[solved]Re: [Small Tip] To reuse CMD5 in your MFC/eVC++4 project Pin
freaky_flow4-Oct-07 3:56
memberfreaky_flow4-Oct-07 3:56 
Generalsmaller tip Pin
DrJohnAir12-Mar-08 18:40
memberDrJohnAir12-Mar-08 18:40 
GeneralMD5 broken... Pin
Anonymous16-Feb-05 7:47
sussAnonymous16-Feb-05 7:47 
QuestionUnicode? Pin
blongtq1-Mar-04 23:11
memberblongtq1-Mar-04 23:11 
AnswerRe: Unicode? Pin
jeffreyz8-Feb-05 14:49
memberjeffreyz8-Feb-05 14:49 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

| Advertise | Privacy | Terms of Use | Mobile
Web03 | 2.8.150624.2 | Last Updated 10 Jan 2001
Article Copyright 2001 by Jim Howard
Everything else Copyright © CodeProject, 1999-2015
Layout: fixed | fluid