-1

I am converting my password to MD5. It's working fine and giving me the MD5-converted password, but I also want to have special characters in my MD5 password.

How can I achieve this?

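import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public String createMd5(String password){
    // Fixed salt appended to every password before hashing
    String salt = "Random$SaltValue#WithSpecialCharacters12@$@4&#%^$*";
    String hash = md5(password + salt);
    return hash;
}

public static String md5(String input) {
    String md5 = null;
    if(null == input) return null;
    try {
        MessageDigest digest = MessageDigest.getInstance("MD5");
        // Hash every encoded byte; input.length() counts chars, not bytes,
        // and is wrong for non-ASCII input
        digest.update(input.getBytes(StandardCharsets.UTF_8));
        // Render the 128-bit digest as an unsigned number in radix 32 (digits 0-9, a-v)
        md5 = new BigInteger(1, digest.digest()).toString(32);
    } catch (NoSuchAlgorithmException e) {
        e.printStackTrace();
    }
    return md5;
}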
morgano
junaidp
  • What's the error you get with your current code? – morgano Aug 04 '13 at 11:39
  • No error, the password I am getting is like this: 10ad0lu5td4l03p452bl4jr785jeglp97h0vqv236lpv1raku1bo :: I also want some special characters in this output – junaidp Aug 04 '13 at 11:40

3 Answers

2

md5() is a hash function that maps from any string to {0,1,2,3,4,5,6,7,8,9,a,b,c,d,e,f}^32.

You usually use it when you want to make sure that in case of a successful attack (this means the attacker could get your users' data) the attacker does not have all users' plaintext passwords (and hack e.g. their email accounts with this information).

You cannot get special characters out of md5() and it would not improve anything.

WARNING: MD5 should not be used anymore for hashing passwords as it is too fast to calculate (more information). Instead, you should use bcrypt with salt (example).

Community
Martin Thoma
1

There is nothing like an "md5 converted password". md5 generates a checksum which you cannot control.

Zubaer Naseem
  • But if you can tell me any way to save my password with special characters, is this not possible? – junaidp Aug 04 '13 at 11:44
  • I don't see why anyone would do this. Probably what you need is encryption. Still, if you want to do this, then a simple way would be to convert characters to integers, subtract 30 from all, convert back to a string and store. – Zubaer Naseem Aug 05 '13 at 09:07
1

I think this question stems from a misunderstanding of password hashing. Hashed passwords work like this:

  • A hash function is deterministic, that is, with the same input you always get the same output.
  • A good hash function is one-way, that is, you can't get from the hash value to the input without a lot of effort.
  • So take a password + salt (the salt makes creating an exhaustive dictionary MUCH harder)
  • Feed that into the hash function to generate a hash.
  • Store the hash and the salt.
  • To check passwords, hash the user input and the stored salt and compare to the stored hash.

This operates on the byte level, so special characters are obviously included in the input. The output of the hash function is represented in hexadecimal for your convenience and does not contain special characters. If you do want the raw output just parse the hexadecimal representation into bytes but I don't see why you would want to, it's still the same number of output bits represented differently.

Another thing to note: MD5 is not a good hash function for passwords because it is much too fast. A really fast hash function is a hash function where trying a large number of passwords from a generator is a trivial task. You might want to look for something more password specific for this use case.

confusopoly