0

Trying to create a secure login I have decided to create an MD5 hash using the following code, adapted a small bit from How can I generate an MD5 hash?

However, this doesn't generate the same hash when the user is created as is created on the login page. why is this as I thought the hash was unique to each string.

 MessageDigest messageDigest = null; try{ messageDigest = MessageDigest.getInstance("MD5"); }catch(NoSuchAlgorithmException e){ System.out.println("Error: " + e); } messageDigest.reset(); messageDigest.update(inPassword.getBytes()); byte[] digest = messageDigest.digest(); BigInteger bigInt = new BigInteger(1, digest); String encodedPass = bigInt.toString(16); while (encodedPass.length() < 32) { encodedPass = "0" + encodedPass; } inPassword = encodedPass;
Improve this question

3 Answers 3

Reset to default
2

This is at least part of the problem:

messageDigest.update(inPassword.getBytes());

That's using the platform default encoding to convert the password to bytes. That could vary on each system you run it on. I would strongly suggest you specify an encoding - ideally one which will cope with all Unicode characters (e.g. UTF-8).

You might also want to think about salting, and using something better than MD5, and I'm not sure about your conversion from byte[] to hex - it might be okay, but I'd find a library to just do the whole thing without using BigInteger.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

Following is the complete code that you might need.

import java.io.FileInputStream; import java.security.MessageDigest; public class MD5CheckSumExample { public static void main(String[] args)throws Exception { MessageDigest md = MessageDigest.getInstance("MD5"); FileInputStream fis = new FileInputStream("c:\\loging.log"); byte[] dataBytes = new byte[1024]; int nread = 0; while ((nread = fis.read(dataBytes)) != -1) { md.update(dataBytes, 0, nread); }; byte[] mdbytes = md.digest(); //convert the byte to hex format method 1 StringBuffer sb = new StringBuffer(); for (int i = 0; i < mdbytes.length; i++) { sb.append(Integer.toString((mdbytes[i] & 0xff) + 0x100, 16).substring(1)); } System.out.println("Digest(in hex format):: " + sb.toString()); //convert the byte to hex format method 2 StringBuffer hexString = new StringBuffer(); for (int i=0;i<mdbytes.length;i++) { String hex=Integer.toHexString(0xff & mdbytes[i]); if(hex.length()==1) hexString.append('0'); hexString.append(hex); } System.out.println("Digest(in hex format):: " + hexString.toString()); } }
Improve this answer

Comments

0

Try this, it works for me:

messageDigest.update(myString.getBytes(), 0, myString.length());

The rest of your code seems correct. Hope it helps! :)

Improve this answer

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.