- MD5 is a widely used cryptographic hash function, which produces a hash of 128 bit. In this article, we will see different approaches to create MD5 hashes using various Java libraries. MD5 Using MessageDigest Class.
- The MySQL MD5 function is used to return an MD5 128-bit checksum representation of a string. The MD5 message-digest algorithm is a widely used hash function producing a 128-bit hash value. The value returned by the MD5 function is a binary string of 32 hexadecimal digits, or NULL if the argument was NULL.
TextEncode.com is a one stop platform for text encoding and decoding.No need to roam around on internet searching for the text encoding and decoding online tool. You can find the most popular text encoder and decoder at a single destination. Be it MD5 generator, Base64 encoder, Base64 decoder or URL encoder, you just name it and you will find it here only at TextEncode.com. MD5 was designed by Ron Rivest in 1991 to replace an earlier hash function, MD4. MD5 is one in a series of message digest algorithms designed by Professor Ronald Rivest of MIT (Rivest, 1992). When analytic work indicated that MD5's predecessor MD4 was likely to be insecure, MD5 was designed in 1991 to be a secure replacement.
Statistically speaking, for any string (and there is an infinite number), the MD5 associates for a given value a 128-bit fingerprint (a finite number of possibilities). It is therefore mandatory that there are collisions (2 strings with the same hash). Several research works on the subject have demonstrated that the MD5 algorithm, although creating a large entropy of data, could be attacked, and that it was possible to generate chains with the same fingerprints (after several hours of neat calculations).
Example: Discovered by Wang & Yu in How to break MD5 and other hash functions, the two hexadecimal values (the values and not the ASCII string) 4dc968ff0ee35c209572d4777b721587d36fa7b21bdc56b74a3dc0783e7b9518afbfa200a8284bf36e8e4b55b35f427593d849676da0d1555d8360fb5f07fea24dc968ff0ee35c209572d4777b721587d36fa7b21bdc56b74a3dc0783e7b9518afbfa202a8284bf36e8e4b55b35f427593d849676da0d1d55d8360fb5f07fea2 have the same hash: '008ee33a9d58b51cfeb425b0959121c9 (they only differ by 8 hexadecimal digits)
Since this publication in 2005, MD5 encryption is no longer considered cryptographically, giving way to its successors: SHA1 then SHA256.
Let’s venture into encryption today and understand the md5 and base64 commands in Linux. Encryption is a subject for every person tasked with keeping their data secure. Data breaches can cause loss of thousands, if not millions. A loss bigger than the money is the loss of credibility. Encryption encodes your data in an attempt to keep it safe from unauthorized access. In this tutorial, we’re going to cover some of the very basic aspects of making sure that the data that’s transferred over the internet is intact and that no one has tampered with it.
Starting out with Encryption
When storing passwords on the database, the most secure way is to encrypt the passwords with a one-way encryption algorithm like MD5 so it cannot be reversed. When a user enters the password, the password is encrypted again with MD5 and the hashes are then compared on the back-end to verify that the passwords are the same.
On the other hand, Base64 is a regular two-way encryption algorithm that allows both encryption and decryption of the data that’s passed to it. This isn’t going to be the most optimal choice if you want to ensure security but it would be a good idea to use it if your initial idea is to send data in plaintext.
Introducing the MD5 and Base64 Commands on Linux
Let’s get right into it and understand the different uses of MD5 and Base64 commands. We’ll go over the basic syntax and some of the use cases that you can work with when using these commands.
Fundamental Differences Between the MD5 and Base64
When you need to transmit a file that contains various characters like Unicode, or has formatting that some networks don’t accept, encoding the file with Bas64 makes it possible to transmit the file. But the reasons why Base64 no longer is as popular as it was before is that:
- The use cases are very limited since the encryption is very weak
- Almost all networks and routers that our data passes through, accept data in all the basic formats (including Unicode)
- There are much better algorithms now
There obviously could be more reasons to even vote “for” base64 to be alive but compared to MD5’s usage at present, base64 is nowhere to be seen. But now that you have a good understanding of the algorithms, let’s move on to their usage on Linux
The md5sum Command in Linux
MD5, short for Message-Digest algorithm 5, is a cryptographic hashing algorithm. It is widely used as a checksum command to verify the integrity of files or strings. To do so, it utilizes a 128-bit character string which will remain unchanged no matter how many times it is generated for a particular file.
The hash generated using MD5 is not reversible, so there’s no way to figure out the contents for which the specific hash was generated.
Basic syntax of the md5sum command on Linux
This creates an alphanumeric hash for our file and displays it based on our options. Here is a list of some options available to us while using the MD5 command in Linux.
While these are the most frequently used options, there are other options you can explore using the man md5sum. Now let us discuss Base64 command.
The base64 Command in Linux
Now base64 is not an encryption algorithm but simply an encoding algorithm that allows you to transfer files while maintaining integrity. (an interesting StackOverflow question)
Basic syntax for the base64 Command in Linux
This takes our input_file, encodes or decodes it, and saves the result in output_file based on our options. Here are five main options we use in the Base64 command in Linux.
Using the md5sum and base64 Commands in Linux
Now that we understand the MD5 and Base64 commands in Linux, it is time to use them.
MD5 and Base64 commands are commonly used for three purposes –
- Creating a hash
- Verifying a hash
- Checking package signatures.
Let us have a look at each of these individually.
Creating a Hash with md5sum and base64 Commands
How To Create Md5 Hash
To create a hash using MD5 and Base64 commands in Linux, we need to use MD5 to generate a hash then encode it using Base64. For this example, we will be using the file TESTFILE.txt to generate a hash
Open the terminal and type the following command. Replace the file name as per your needs.
Md5 Encoding Decoding
As you can see, we have generated the hashes based on the content within the file. Now you need to remember that the hash that’s generated is based on the content that is present within the file and not based on the file name. If the content is changed, the hash will change and that will help the receiving user understand that the file has been tampered with.
Let’s save these hashes within individual files using the output redirection operator “>”.
Verifying a MD5 or Base64 Hash
Just like we created Base64 encoded MD5 hashes for our file, these commands can also be used to verify the hash for a particular file. To do so, we first begin by using the Base64 command to decode the contents of pass.txt and save the decoded data in decode.txt as our output file.
The following screenshot shows how this is done.
Here’s the major difference that you’ll notice when using MD5 vs Base64. Base64 directly encrypts the data and makes the plaintext file unreadable when transferring it over the internet. When decrypted, the contents of the file are directly visible.
Compared with MD5, it simply verifies if the data within the file is the same as it was before the hash was generated. As you can see, it says “example.txt: OK” which is a confirmation that the hash generated for example.txt matches the one that’s generated right now while verifying the file.
Checking Package Signatures
Let me demonstrate how you can verify the package signatures of files that you download from over the internet. Nowadays, you’ll find the .md5 file is available for download along with the original file.
Since the process for verifying hashes is going to be the same, here are the 3 steps that I’ll be taking to demonstrate how we can use MD5 to verify package signatures.
- Show the contents of the file and create a MD5 and Base64 Hash for the file
- Verifying that the contents of the hash and the file are correct.
- Change the contents of the file and verify the hashes for the file
Let’s create the hashes first from the “example.txt” file.
Verifying that the contents of the hash and the file are correct.
Change the contents of the file and verify the hashes again
As you can see, this time after we changed the content of the file, the hash verification failed and gave us a message warning that the checksum doesn’t match.
String To Md5
But in the case of Bas64, it isn’t really checking with what the content in the original file is. It simply decrypts whatever base64 data is presented to it. So we get the data that we originally had encrypted.
Final Words…
Md5 Encoding Decoding
We’ve covered the basic usage of the md5 and base64 commands here but there’s a lot more that you can play around with. But the major pointers to remember are these:”
Md5 Encoding
- MD5 is a hashing algorithm and the md5sum command is used to verify the integrity of packages by comparing with the hash data from before being transmitted over the internet.
- Base64 is an encryption algorithm (though it’s way too weak to use on something important). It works by encrypting the data that is presented to it and then decrypting the encrypted text back to the original data.