java Mac behavior between jdk 1.3 and 1.4 - Java

  1. java Mac behavior between jdk 1.3 and 1.4

    This small program prints the same output every time I run it using jdk 1.3
    and jce1_2-do.jar.

    But when I run it using jdk 1.4, it prints different values every time
    I run it. Has the behavior of the Mac class changed in 1.4? How can I make
    it print the same value in 1.4 also?

    import java.security.Provider;
    import java.security.Security;
    import java.security.spec.*;
    import javax.commerce.util.*;
    import javax.crypto.Mac;

    public class t1 {

        public static void main(String[] args) {
            try {
                String ctext = "message";
                Provider sunJce = new com.sun.crypto.provider.SunJCE();

                Security.addProvider(sunJce);

                javax.crypto.KeyGenerator kg =
                    javax.crypto.KeyGenerator.getInstance("HmacMD5", sunJce.getName());

                javax.crypto.SecretKey sk = kg.generateKey();

                Mac mac = Mac.getInstance("HmacMD5", sunJce.getName());

                byte[] b1 = sk.getEncoded();
                mac.init(sk);

                // Compute the HmacMD5 tag of the message and print it Base64-encoded
                byte[] bmac = mac.doFinal(ctext.getBytes());

                BASE64Encoder benc = new BASE64Encoder();
                System.out.println("string " + benc.encode(bmac));
            } catch (Exception e) {
                System.err.println("excp: " + e.getMessage());
                e.printStackTrace();
            }
        }

    }

  2. Re: java Mac behavior between jdk 1.3 and 1.4

    Nash Rack wrote:

    > This small program prints the same output every time I run it using jdk 1.3
    > and jce1_2-do.jar.
    >
    > But when I run it using jdk 1.4, it prints different values every time
    > I run it. Has the behavior of the Mac class changed in 1.4? How can I make
    > it print the same value in 1.4 also?
    >
    > import java.security.Provider;
    > import java.security.Security;
    > import java.security.spec.*;
    > import javax.commerce.util.*;
    >
    > public class t1 {
    >
    > public static void main(String[] args) {
    > try {
    > String ctext = "message";
    > Provider sunJce = new
    > com.sun.crypto.provider.SunJCE();
    >
    > Security.addProvider(sunJce);
    >
    > javax.crypto.KeyGenerator kg =
    > javax.crypto.KeyGenerator.getInstance("HmacMD5", sunJce.getName());
    >
    > javax.crypto.SecretKey sk = kg.generateKey();


    Does this generate a fresh, random, secret key? If so, how did you
    get the same output twice with Java 1.3?

    >
    > Mac mac = Mac.getInstance("HmacMD5",
    > sunJce.getName());
    >
    > byte[] b1 = sk.getEncoded();


    Is b1 the 128-bit HMAC-MD5 secret key? Is it ever the same twice?

    > mac.init(sk);
    >
    > byte[] bmac = mac.doFinal(ctext.getBytes());
    >
    > BASE64Encoder benc = new BASE64Encoder();
    > System.out.println("string " + benc.encode(bmac));
    > } catch (Exception e) {
    > System.err.println("excp: " + e.getMessage());
    > e.printStackTrace();
    > }
    > }
    >
    > }


    --Mike Amling

  3. Re: java Mac behavior between jdk 1.3 and 1.4

    > Does this generate a fresh, random, secret key? If so, how did you
    > get the same output twice with Java 1.3?


    I'm not an expert in these classes but it does print the same output
    every time with jdk 1.3. In fact, this code is being used to generate
    hashed passwords for our application users and the users are able to
    log in successfully every time. Now that we're upgrading to 1.4, this
    issue has come up. No user is able to log in successfully. Is HmacMD5
    even the correct thing to use to generate hashed passwords for users?

    > Does this generate a fresh, random, secret key? If so, how did you
    > get the same output twice with Java 1.3?


    I added some debugging messages for testing with 1.3 and found that it
    generates a different key every time and still the output from
    mac.doFinal is the same every time.

    Thanks,
    Nash.

  4. Re: java Mac behavior between jdk 1.3 and 1.4


    Nash Rack wrote:

    >> Does this generate a fresh, random, secret key? If so, how did you
    >> get the same output twice with Java 1.3?

    >
    > I'm not an expert in these classes but it does print the same output
    > every time with jdk 1.3. In fact, this code is being used to generate
    > hashed passwords for our application users and the users are able to
    > log in successfully every time. Now that we're upgrading to 1.4, this
    > issue has come up. No user is able to log in successfully. Is HmacMD5
    > even the correct thing to use to generate hashed passwords for
    > users?
    >
    >> Does this generate a fresh, random, secret key? If so, how did you
    >> get the same output twice with Java 1.3?

    >
    > I added some debugging messages for testing with 1.3 and found that
    > it generates a different key every time and still the output from
    > mac.doFinal is the same every time.
    >
    > Thanks,
    > Nash.


    Hi,
    That sounds like a serious bug in 1.3. With different keys, the output
    of the Mac *should* be different. If you are simply trying to use
    hashed passwords to avoid storing the passwords in plaintext, use
    java.security.MessageDigest, with algorithm, say, "SHA-1".
    MessageDigests don't use keys, so they'll return the same hash value
    each time. If you were to use a Mac, you'd need to store the key
    somewhere, as well as the output, so that you could use the same key
    later when Mac-ing the password the user typed in.

    Chris

  5. Re: java Mac behavior between jdk 1.3 and 1.4

    Nash Rack wrote:
    >>Does this generate a fresh, random, secret key? If so, how did you
    >>get the same output twice with Java 1.3?

    >
    >
    > I'm not an expert in these classes but it does print the same output
    > every time with jdk 1.3. In fact, this code is being used to generate
    > hashed passwords for our application users and the users are able to
    > log in successfully every time. Now that we're upgrading to 1.4, this
    > issue has come up. No user is able to log in successfully. Is HmacMD5
    > even the correct thing to use to generate hashed passwords for users?


    You're much better off using SRP, certainly if this login is
    occurring across an unencrypted channel. See
    http://srp.stanford.edu/design.html. Also, SRP only needs a hash, such
    as java.security.MessageDigest("MD5"), and BigInteger, not the JCE or a
    JCE provider.

    >
    >>Does this generate a fresh, random, secret key? If so, how did you
    >>get the same output twice with Java 1.3?

    >
    >
    > I added some debugging messages for testing with 1.3 and found that it
    > generates a different key every time and still the output from
    > mac.doFinal is the same every time.


    For a correct implementation of HMAC (or any other MAC), the output
    would vary with the secret key.

    --Mike Amling
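
The point made in the replies above, that a MAC only reproduces its output when the same key is reused, shown as an added example (not code from the thread or from any poster). It assumes Java 8 or later; the class and method names are hypothetical, and the PBKDF2 part with its iteration count and salt size goes beyond the plain MessageDigest suggested in the thread.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

public class MacDeterminism {
    // HMAC over msg with explicit key bytes: same key and same msg give the same tag.
    static byte[] hmac(byte[] keyBytes, String msg) throws Exception {
        Mac mac = Mac.getInstance("HmacMD5"); // algorithm name taken from the thread
        mac.init(new SecretKeySpec(keyBytes, "HmacMD5"));
        return mac.doFinal(msg.getBytes(StandardCharsets.UTF_8));
    }

    // Salted, iterated password hash; the salt is stored next to the hash.
    // Iteration count and output length are assumed values for illustration.
    static byte[] pbkdf2(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, 100_000, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                .generateSecret(spec).getEncoded();
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("HmacMD5");
        byte[] k1 = kg.generateKey().getEncoded(); // fresh random key
        byte[] k2 = kg.generateKey().getEncoded(); // another fresh random key
        byte[] stored = k1.clone();                // stands in for a key persisted at enrollment

        byte[] t1 = hmac(k1, "message");
        // MessageDigest.isEqual compares without an early exit on the first mismatch.
        System.out.println("fresh keys agree:  " + MessageDigest.isEqual(t1, hmac(k2, "message")));
        System.out.println("stored key agrees: " + MessageDigest.isEqual(t1, hmac(stored, "message")));

        // Enrollment: random salt, persist (salt, hash). Login: recompute with the stored salt.
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        byte[] enrolled = pbkdf2("constructed-sample-password".toCharArray(), salt);
        byte[] attempt = pbkdf2("constructed-sample-password".toCharArray(), salt);
        System.out.println("login verifies:    " + MessageDigest.isEqual(enrolled, attempt));
        System.out.println("record: " + Base64.getEncoder().encodeToString(salt)
                + ":" + Base64.getEncoder().encodeToString(enrolled));
    }
}
```

Calling generateKey() at login time, as the program in the first post does, corresponds to the "fresh keys" line: the value computed at enrollment cannot be recomputed unless the key (or, for PBKDF2, the salt) was stored with it.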
