Comparing gcrypt MD5 outputs to a existing hash

Question

I been given an MD5 output (a 16 byte hex string) and I need to figure out what the message used to make the hash was.

I want to compare it with the output of gcrypts gcry_md_hash_buffer(), but I'm sure how to declare it in such a way that strcmp() will know the two are the same.

I had tried this earlier:

char answerHash[16] = {0x57, 0x50, 0x1a, 0xc7, 0xb9, 0xd5, 0x44, 0x0a, 0xde, 0xe8, 0xb3, 0xdd, 0x97, 0x09, 0x72, 0xcb};

But that ended up eating part of a different string when I tried printf()

Sample of the problem area:

gcry_md_hash_buffer(GCRY_MD_MD5, result, answerString, strlen(answerString));

char answerHash[16] = {0x57, 0x50, 0x1a, 0xc7, 0xb9, 0xd5, 0x44, 0x0a, 0xde, 0xe8, 0xb3, 0xdd, 0x97, 0x09, 0x72, 0xcb};

if(strcmp(result, answerHash) == 0){
printf("strcmp() works.\n");
}

EDIT: I don't think I'm explaining this correctly. Let's try again.

The prof has a secret message, and has given us it's MD5 hash output. He wants us to write a program to find the original message through brute force.

The message is 11 char long, but he's already told us what 5 of the chars are. From this, I guessed the secret message, but I still have to write the program. :(

I already have the MD5 part working, but I need to figure out how to get the output I get from my MD5 against the MD5 he's given us.

In other words, I need way to declare a variable so that it contains the profs hash, and can be compared (by strcmp() or memcmp(), I'm not picky) to the output I get from gcry_md_hash_buffer().

EDIT2:

Antoine's got it. memcmp() does the trick! Thank you so much!

Answer 1

First, you should use memcmp which assumes fixed-sized array instead of strcmp which assumes zero-terminated strings, since your hash may contain zeros.

Second, I don't know where answerString comes from, but if you're doing a brute force search you're not sure to recover the original string, just a string which has the same MD5 hash. That may or may not bee enough for your purposes.

Otherwise, I'm not sure what's your problem:

    #include <string.h>
    static const char a[16] = {0x57, 0x50, 0x1a, 0xc7, 0xb9, 0xd5, 0x44, 0x0a, 0xde, 0xe8, 0xb3, 0xdd, 0x97, 0x09, 0x72, 0xcb};
    static const char b[16] = {0x57, 0x50, 0x1a, 0xc7, 0xb9, 0xd5, 0x44, 0x0a, 0xde, 0xe8, 0xb3, 0xdd, 0x97, 0x09, 0x72, 0xcb};
    return memcmp(a, b, 16); // => returns 0

Now, you mentionned printf. I hope you're not doing printf(a) ? Because your hash is an array of char, or char* which in C unfortunately also happens to be the type of strings. But the crucial difference between the two is that C-strings are zero-terminated. That means that every function accepting a string, such as printf or strlen excepts its char* input to be terminated by a 0. If it's not the case it will dangerously scan the memory outside of your variable until it finds a 0 byte.