NacosRefreshHistory uses BigInteger's toString(16) method to calculate md5.

Question

NacosRefreshHistory uses BigInteger's toString(16) method to calculate md5.

Closed this issue 2 months ago · 5 comments

NacosRefreshHistory 直接采用 BigInteger 的 toString(16) 方法来计算 MD5,是否有计算结果长度不足32位数的风险？
NacosRefreshHistory uses BigInteger's toString(16) method to calculate md5. Is there a risk that the calculated result will be less than 32 digits long?

Which Component
Nacos 配置中心
Nacos(spring-cloud-starter-alibaba-nacos-config)
版本: 2023.x
version: 2023.x

Describe what problem you have encountered
直接采用 BigInteger#toString(16) 计算 md5
NacosRefreshHistory uses BigInteger's toString(16) method to calculate md5.

// com.alibaba.cloud.nacos.refresh.NacosRefreshHistory#md5
private String md5(String data) {
    if (StringUtils.isEmpty(data)) {
        return null;
    }
    if (null == md) {
        try {
            md = MessageDigest.getInstance("MD5");
        }
        catch (NoSuchAlgorithmException ignored) {
            return "unable to get md5";
        }
    }

   // toString(16) ?
    return new BigInteger(1, md.digest(data.getBytes(StandardCharsets.UTF_8)))
        .toString(16);
}

Describe what information you have read
直接阅读源码发现的。
I have read the source code of Nacos(spring-cloud-starter-alibaba-nacos-config).

Answer 1 · 2024-09-26T07:37:53.000Z

BigInteger.toString(16) 中的 16 是表示 16 进制，并不是字符串的长度。

Answer 2 · 2024-09-27T18:49:20.000Z

Test case:

    @Test
    void testMD5Length() {
        Random random = new Random();
        for (int i = 0; i < 10_000; i++) {
            int randomLength = random.nextInt(100);
            // @see https://github.com/aventrix/jnanoid
            String nanoid = NanoIdUtils.randomNanoId(NanoIdUtils.DEFAULT_NUMBER_GENERATOR, NanoIdUtils.DEFAULT_ALPHABET, randomLength);
            String md5 = md5(nanoid);
            if (md5.length() < 32) {
                System.out.println(nanoid);
                System.out.println(md5);
                System.out.println(md5.length());
                break;
            }
        }
    }

// Output:
// pIzSCJjkj
// d5a0763f00d07ce414ea6ffc46d26a6
// 31

// Expect: 
// 0 + d5a0763f00d07ce414ea6ffc46d26a6
// 0d5a0763f00d07ce414ea6ffc46d26a6

Answer 3 · 2024-10-27T18:52:12.000Z

This issue has been open 30 days with no activity. This will be closed in 7 days.

Answer 4 · 2024-11-03T18:52:17.000Z

This issue has been automatically marked as stale because it hasn't had any recent activity.If you think this should still be open, or the problem still persists, just pop a reply in the comments and one of the maintainers will (try!) to follow up. Thank you for your interest and contribution to the Sping Cloud Alibaba Community.

Answer 5 · 2024-11-28T15:42:21.000Z

@ruansheng8 您可能没理解 issue 的原意。长度不足32位数 是指: 通过 BigInteger#toString(16) 计算出来的 md5 值的长度可能小于 32 位数(比如: 31 位)，而不是您提及的把16进制的16理解为长度16。通常的解决办法是采用补0 的方式来解决。具体例子见上文随机串例子: pIzSCJjkj -> d5a0763f00d07ce414ea6ffc46d26a6。