Wednesday, July 16, 2008

watch out - md5 sum bug

The other day I was in for a rude surprise when it was reported that, in the application we had developed, authentication fails at times. The application was required to auto-generate an md5 encrypted value for authentication, and it was found that the md5 value generated was dropping the leading zeros whenever the actual md5 sum value was supposed to have leading zeros.

It was a rude shock for me.

This was the piece of code that I had,

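import java.math.BigInteger;
import java.security.MessageDigest;

String unencryptedValue = "test";
MessageDigest m = MessageDigest.getInstance("MD5");
// Hash the whole byte array; the String length is not the byte length for non-ASCII input.
m.update(unencryptedValue.getBytes());
// Bug: converting through BigInteger drops any leading zeros of the hex digest.
String encryptedValue = new BigInteger(1, m.digest()).toString(16);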

Then it took me some time to realize that the BigInteger casting was causing the havoc, and at the same time Waruna gave me a link to the following blog, http://jdwyah.blogspot.com/2006/08/java-md5-password-hash.html, which has the solution for the above problem.

It's just a matter of introducing another method which pads the md5 value with leading zeros to make up the required length.

The fixed code looked something like this:

String unencryptedValue = "test";
MessageDigest m = MessageDigest.getInstance("MD5");
m.update(unencryptedValue.getBytes());
String encryptedValue = new BigInteger(1, m.digest()).toString(16);
// An MD5 digest is 16 bytes, so its hex form must be 32 characters.
encryptedValue = fixLeadingZeroBug(encryptedValue, 32, '0');

// Left-pads s with the pad character until it reaches the given length.
public String fixLeadingZeroBug(String s, int length, char pad) {
    StringBuffer buffer = new StringBuffer(s);
    while (buffer.length() < length) {
        buffer.insert(0, pad);
    }
    return buffer.toString();
}

It was now just a matter of fixing the bug, and I learnt an important lesson: to be mindful of these leading zeros whenever an integer is used in place of a String for intermediate processing. But unfortunately I had to learn it the hard way. :(
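The following is an added example, not code from the original post: it runs the BigInteger conversion next to a fixed-width byte-by-byte conversion so the length mismatch is visible, and shows that comparing the raw digest bytes sidesteps the string form altogether. The class name Md5HexDemo, the helper names and the sample inputs are assumptions made for illustration.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class Md5HexDemo { // hypothetical class name
    static byte[] md5(String input) throws NoSuchAlgorithmException {
        // Hash the encoded bytes with an explicit charset.
        return MessageDigest.getInstance("MD5")
                .digest(input.getBytes(StandardCharsets.UTF_8));
    }

    // Conversion used in the post: a number has no leading zeros, so they vanish.
    static String lossyHex(byte[] digest) {
        return new BigInteger(1, digest).toString(16);
    }

    // Fixed-width conversion: always two hex digits per byte.
    static String fixedHex(byte[] digest) {
        StringBuilder sb = new StringBuilder(digest.length * 2);
        for (byte b : digest) {
            sb.append(String.format("%02x", b & 0xff));
        }
        return sb.toString();
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        String[] samples = {"test", "hello", "a"}; // constructed inputs
        for (String s : samples) {
            byte[] d = md5(s);
            String lossy = lossyHex(d);
            String fixed = fixedHex(d);
            System.out.printf("%-5s lossy=%s (%d chars)%n      fixed=%s (%d chars) %s%n",
                    s, lossy, lossy.length(), fixed, fixed.length(),
                    lossy.equals(fixed) ? "same" : "MISMATCH: auth check would fail");
        }
        // Comparing raw digest bytes avoids the string form entirely;
        // MessageDigest.isEqual is the JDK's byte-array digest comparison.
        byte[] stored = md5("test");
        byte[] presented = md5("test");
        System.out.println("byte compare: " + MessageDigest.isEqual(stored, presented));
    }
}
```

Only digests whose first hex digit is zero come out short, which is why the authentication failure in the post showed up only at times.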

Wednesday, July 9, 2008

Factory Method

The third in the series was the factory method, which was rather a simple pattern to present. Anyhow, for the last two weeks (thanks to Vanky) I have been having the Head First pattern book with me. This provided me with a nice piece of example which I could use for the presentation.

I had a big surprise at the presentation when I suddenly found that the presentation that I was making was being recorded on video. Probably I should be more careful when I make my next one, as I am leaving evidence of all the lies I say at the presentation.... haha

Composite pattern

I had the opportunity of doing my second presentation of the design pattern series of presentations which Vidula and I were doing alternately. This time it was the Composite pattern that I had to present on. I got a bit too busy, and the slides which I created for the purpose were something I didn't feel proud about; they were a bit incomplete and I just scraped through explaining the essentials of the pattern in half an hour's time.

And then came the question of the day! Harsha presented the audience and myself with a question to try.

He simply asked us to use the composite pattern to solve a search problem????

"The question"

Suppose you have a GUI like the following,
How is it possible to use the composite pattern to create the WHERE clause of the SQL statement dynamically?

It was a nice question to make us think about the composite pattern and its practical application.

This in turn led to an interesting discussion on topic.

The solution to this, as explained by Romith, was to have the AND and the OR as the nodes and the criteria like the Name, City etc. as the leaves!

Initially I thought that the Name, City and NIC could be made into nodes and have the AND and OR as the leaves. It was quite rightly pointed out by Harsha that it would work, but was not the correct answer, as it was not a scalable solution, and having it the other way around would provide an extensible and scalable solution.

I ended this presentation with a lot of self-satisfaction, as it was a presentation that I left with a clearer picture of the topic than the idea that I had at the start of it! But ironically I was the presenter.. haha poor audience!