Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

NacosRefreshHistory uses BigInteger's toString(16) method to calculate md5. #3853

Closed
photowey opened this issue Sep 19, 2024 · 4 comments
Closed

NacosRefreshHistory uses BigInteger's toString(16) method to calculate md5. #3853

photowey opened this issue Sep 19, 2024 · 4 comments
Assignees
@ruansheng8
Labels
area/nacos spring cloud alibaba nacos kind/question stale wait-for-feedback

Comments

@photowey
Copy link

NacosRefreshHistory 直接采用 BigInteger 的 toString(16) 方法来计算 MD5,是否有计算结果长度不足32位数的风险?
NacosRefreshHistory uses BigInteger's toString(16) method to calculate md5. Is there a risk that the calculated result will be less than 32 digits long?

Which Component
Nacos 配置中心
Nacos(spring-cloud-starter-alibaba-nacos-config)
版本: 2023.x
version: 2023.x

Describe what problem you have encountered
直接采用 BigInteger#toString(16) 计算 md5
NacosRefreshHistory uses BigInteger's toString(16) method to calculate md5.

// com.alibaba.cloud.nacos.refresh.NacosRefreshHistory#md5
private String md5(String data) {
    if (StringUtils.isEmpty(data)) {
        return null;
    }
    if (null == md) {
        try {
            md = MessageDigest.getInstance("MD5");
        }
        catch (NoSuchAlgorithmException ignored) {
            return "unable to get md5";
        }
    }

   // toString(16) ?
    return new BigInteger(1, md.digest(data.getBytes(StandardCharsets.UTF_8)))
        .toString(16);
}

Describe what information you have read
直接阅读源码发现的。
I have read the source code of Nacos(spring-cloud-starter-alibaba-nacos-config).
@yuluo-yx yuluo-yx added kind/question area/nacos spring cloud alibaba nacos labels Sep 19, 2024
@ruansheng8
Copy link
Collaborator

BigInteger.toString(16) 中的 16 是表示 16 进制,并不是字符串的长度。

@photowey
Copy link
Author

photowey commented Sep 27, 2024
edited
Loading

Test case:

    @Test
    void testMD5Length() {
        Random random = new Random();
        for (int i = 0; i < 10_000; i++) {
            int randomLength = random.nextInt(100);
            // @see https://github.com/aventrix/jnanoid
            String nanoid = NanoIdUtils.randomNanoId(NanoIdUtils.DEFAULT_NUMBER_GENERATOR, NanoIdUtils.DEFAULT_ALPHABET, randomLength);
            String md5 = md5(nanoid);
            if (md5.length() < 32) {
                System.out.println(nanoid);
                System.out.println(md5);
                System.out.println(md5.length());
                break;
            }
        }
    }

// Output:
// pIzSCJjkj
// d5a0763f00d07ce414ea6ffc46d26a6
// 31

// Expect: 
// 0 + d5a0763f00d07ce414ea6ffc46d26a6
// 0d5a0763f00d07ce414ea6ffc46d26a6

@github-actions GitHub Actions
Copy link

This issue has been open 30 days with no activity. This will be closed in 7 days.

@github-actions github-actions bot added the stale label Oct 27, 2024
@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 3, 2024

This issue has been automatically marked as stale because it hasn't had any recent activity.If you think this should still be open, or the problem still persists, just pop a reply in the comments and one of the maintainers will (try!) to follow up. Thank you for your interest and contribution to the Sping Cloud Alibaba Community.

@github-actions github-actions bot closed this as completed Nov 3, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ruansheng8 ruansheng8

Labels
area/nacos spring cloud alibaba nacos kind/question stale wait-for-feedback
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@ruansheng8 @photowey @yuluo-yx