On 1 Apr 2020, at 20:36, Andreas Fink wrote:
Your approach might not give you the intended result if you have
NSStrings containing Unicode characters which contains zero bytes.
Your strlen() call would stop at that character and not go to the full
length of a NSString. So a conversion to NSData and use its length
would be better. For ASCII and Laltin1 it wouldnt make a difference
though.
so this would be better appraoch:
NSData *d = [self dataUsingEncoding:NSUTF8StringEncoding];
unsigned char result[CC_MD5_DIGEST_LENGTH];
CC_MD5( d.bytes, (int)d.length, result );
One might add (you probably know) that MD5 is broken regarding
cryptographic purposes.[1]
For many use cases you should use something like SHA-2[2] or - if
targeting passwords - hashing and salting[3] instead.
Johannes
[1] https://en.wikipedia.org/wiki/MD5
[2] https://en.wikipedia.org/wiki/SHA-2
[3] https://download.libsodium.org/doc/password_hashing
