Whirlpool hash function doesn't return the expected hash

Question

According to https://www.online-convert.com/result/952ea2f0-6d2a-4027-aebf-8309b3888ffb the hash of "test" generated by the Whirlpool hash function is:

B913D5BBB8E461C2C5961CBE0EDCDADFD29F068225CEB37DA6DEFCF89849368F8C6C2EB6A4C4AC75775D032A0ECFDFE8550573062B653FE92FC7B8FB3B7BE8D6

Now, in the following lines of code I try to achieve the same thing in Java:

import gnu.crypto.hash.HashFactory;
import gnu.crypto.hash.IMessageDigest;
import gnu.crypto.util.Util;

import java.nio.charset.Charset;

public class Main {
    public static void main(String[] args) {
        byte[] input = "test".getBytes(Charset.forName("UTF-8"));
        IMessageDigest md = HashFactory.getInstance("whirlpool");
        md.update(input, 0, input.length);
        byte[] digest = md.digest();

        System.out.println("expected: B913D5BBB8E461C2C5961CBE0EDCDADFD29F068225CEB37DA6DEFCF89849368F8C6C2EB6A4C4AC75775D032A0ECFDFE8550573062B653FE92FC7B8FB3B7BE8D6");
        System.out.println("real:     " + Util.toString(digest));
    }
}

The output is as follows:

expected: B913D5BBB8E461C2C5961CBE0EDCDADFD29F068225CEB37DA6DEFCF89849368F8C6C2EB6A4C4AC75775D032A0ECFDFE8550573062B653FE92FC7B8FB3B7BE8D6
real:     E6B4AA087751B4428171777F1893BA585404C7E0171787720EBA0D8BCCD710DC2C42F874C572BFAE4CEDABF50F2C80BF923805D4E31C504B86CA3BC59265E7DD

With the empty string (similar to the selfTest) it returns the expected string. I'm using the gnu crypto library 2.0.1 from https://www.gnu.org/software/gnu-crypto/.

Does anyone have a hint why the real hash does not match the expected one?

I tried the same input using BouncyCastle and the result I got matched GNU Crypto. Are you sure the "expected" value is correct? — AlexC, Feb 12 '18 at 23:09
I used https://hash.online-convert.com/whirlpool-generator with "test" without the quotes as input and got the result "B91...". Interesting, that you're getting "E6B..." as well. — Mirco Widmer, Feb 12 '18 at 23:15
Using openssl: echo -n "test" | openssl dgst -whirlpool (stdin)= b913d5bbb8e461c2c5961cbe0edcdadfd29f068225ceb37da6defcf89849368f8c6c2eb6a4c4ac75775d032a0ecfdfe8550573062b653fe92fc7b8fb3b7be8d6 — AlexC, Feb 12 '18 at 23:20
When I hash "hashcat" (https://hashcat.net/wiki/doku.php?id=example_hashes) I get "e57fc143265bf3a566290cd59f7cd31ffe607e0acffe5a98bc7bb104e3f5bbd1fe047b42d054737a1adf37a626064bf6bba271e2b4dbaeab9e14c6d824a9246b" which also doesn't match the one listed on the hashcat website. — Mirco Widmer, Feb 12 '18 at 23:21
Whirlpool has been through several revisions. I guess the first thing to ask is, which version of the algorithm are you using or intend to use? The online converter, OpenSSL and Crypto++ use version 3 of the algorithm submitted for ISO standardization. OpenSSL and Crypto++ use *"test"* and arrive at *`B913D5BBB8E461C2...`*. Maybe it would be easier/better to use one of the ISO test vectors. — jww, Feb 13 '18 at 09:27

score 1 · Answer 1 · answered Jan 16 '20 at 04:30

I went around and around with Whirlpool and hashing and ended up using Bouncy Castle. If I run the following code, the last line gives me your expected result of B913....

public void bouncyCastle() {
    WhirlpoolDigest messageDigest = new WhirlpoolDigest();

    final String stringToHash = "test";
    messageDigest.reset();
    final byte[] bytes = stringToHash.getBytes();
    messageDigest.update(bytes, 0, bytes.length);

    byte[] hash = new byte[messageDigest.getDigestSize()];

    messageDigest.doFinal(hash, 0);

    System.out.println(Hex.toHexString(hash).toUpperCase());
}

This site was a good sanity check https://md5decrypt.net/en/Whirlpool/#answer

Here is the maven dependency I added to my project.

    <dependency>
        <groupId>org.bouncycastle</groupId>
        <artifactId>bcprov-ext-jdk15on</artifactId>
        <version>1.64</version>
    </dependency>

Whirlpool hash function doesn't return the expected hash

1 Answers1