• Some users have recently had their accounts hijacked. It seems that the now defunct EVGA forums might have compromised your password there and seems many are using the same PW here. We would suggest you UPDATE YOUR PASSWORD and TURN ON 2FA for your account here to further secure it. None of the compromised accounts had 2FA turned on.
    Once you have enabled 2FA, your account will be updated soon to show a badge, letting other members know that you use 2FA to protect your account. This should be beneficial for everyone that uses FSFT.

MD5 Hash question

C

Cintirich

Limp Gawd
Joined
Oct 9, 2006
Messages
244
Hi folks,

My boss is asking me to replicate the process we pay a vendor to do which is taking some data we send them via text file, applying MD5 one way hash to it, and distributing the hashed file to our vendors.

I got a copy of gpg4win and used it to hash a text file but it adds the .gpg extension to the end of the file so it looks like this: filename.txt.gpg.

I sent that file to our vendor and they are saying they can't work with it because of the .gpg file extension.

I'm guessing that simply removing the ".gpg" and leaving the .txt would be too easy so here's my question:

Is there another program that can hash text file, while leaving them as .txt docs or is there some way to redeem the .gpg files that I'm getting now?

Thanks!
 
Cintirich said:
Hi folks,

My boss is asking me to replicate the process we pay a vendor to do which is taking some data we send them via text file, applying MD5 one way hash to it, and distributing the hashed file to our vendors.
Click to expand...

What is a "hashed file" in this context? You have the file and the hash, there is no "hashed file". What do you actually send and why?
 
TCM said:
What is a "hashed file" in this context? You have the file and the hash, there is no "hashed file". What do you actually send and why?
Click to expand...

Some MD5 programs will generate a file with the hash inside it...sometimes calling it ".md5" or ".txt". Either way I'm kind of scratching my head here too.
 
TCM said:
What is a "hashed file" in this context? You have the file and the hash, there is no "hashed file". What do you actually send and why?
Click to expand...

Sorry for the late reply.

We send a 3rd party vendor an email suppression list to scrub their outbound emailing list of people who have requested we don't contact them, per CAN SPAM laws.

The file is encrypted with MD5 so that an unscrupulous vendor cant take our email suppression list and use the live emails within which they could easily do if we sent it via plain text.

To directly answer your question, we send a list of emails that is encrypted so that they can't read them. This is industry standard. Their software compares their mailing list to the encoded suppression list and scrubs any matching emails so that no one who has opted out gets an email from us or our vendors.

I hope that clears things up.
 
Electrofreak said:
so, why can't you just rename the files? Maybe I'm misunderstanding.
Click to expand...

When I rename it (deleting the .gpg and leaving the .txt), it contains a giant string of characters like this:

耍鑌꠭革웓⍊炙뼱ẙ⷗傎䡇斍뒡괧
 
Cintirich said:
The file is encrypted with MD5 so that an unscrupulous vendor cant take our email suppression list and use the live emails within which they could easily do if we sent it via plain text.
Click to expand...

I would help if you got your terminology right. MD5 is not encryption. Plus the file isn't hashed. From what I could understand you are sending a list of hashes of email addresses.

Every UNIXoid OS has an MD5 utility. If you're on Win, google md5.exe.
 
TCM said:
I would help if you got your terminology right. MD5 is not encryption. Plus the file isn't hashed. From what I could understand you are sending a list of hashes of email addresses.

Every UNIXoid OS has an MD5 utility. If you're on Win, google md5.exe.
Click to expand...

I probably am mixing up some of the terminology. I apologize for the confusion. As you can probably detect, the major issue I'm running into here is that I am a lay person trying to replicate the process of someone trained in IT security, in which I have no experience, training or tools.

I majored in IS in college but my line of work doesn't keep my hand in that area on a day to day basis. Perhaps it would be better if I just abandoned my muddled backgound information which is just confusing people and asked a new, simpler question.

As an IT security neophyte, what are the minimum tools I need to take my .txt file of email addresses and apply the MD5 algorythm to it so I can send it to my vendors?

That's probably still not exactly correct, but hopefully in the context of this thread, you can understand what I'm trying to ask. Of course I'll be happy to clarify or provide additional information if you need it.

Thank you.
 
Last edited:
Examples are helpful for this kind of thing. To clarify do you want to take an input that looks like this

Input:
Code: 
address1@example.com
address2@example.com

and turn it into this?

Output:
Code: 
65694899f270dbd55e9a7c76a6b93852
96ac07bbfbcd02c2244175eda02ec8af
 
You need the equivalent of

Code: 
while read address; do echo -n ${address} | md5; done <adresses.txt >hashes.txt

Someone versed in PowerShell or similar has to step in.
 
Disregard. Did not read the thread hard enough.

If I were in your position I would write a python script to input your text list of e-mail addresses, run an MD5 over the addresses, and output them to another text file. No need to screw around with GPG doing the whole file.
 
Last edited:
devman said:
Examples are helpful for this kind of thing. To clarify do you want to take an input that looks like this

Input:
Code: 
address1@example.com
address2@example.com

and turn it into this?

Output:
Code: 
65694899f270dbd55e9a7c76a6b93852
96ac07bbfbcd02c2244175eda02ec8af
Click to expand...

exactly correct.
 
Blackjack988 said:
Disregard. Did not read the thread hard enough.

If I were in your position I would write a python script to input your text list of e-mail addresses, run an MD5 over the addresses, and output them to another text file. No need to screw around with GPG doing the whole file.
Click to expand...

I think he just clarified for us that his skills aren't really adequate for this type of task. He's looking for a utility that could do what he's looking for... or something that can rename the file without breaking the hash.
 
Electrofreak said:
I think he just clarified for us that his skills aren't really adequate for this type of task. He's looking for a utility that could do what he's looking for... or something that can rename the file without breaking the hash.
Click to expand...

This is correct.

If there is a simple way to do a command line in Windows 7, that might work, but otherwise, probably a utility.
 
You must log in or register to reply here.
Back
Top