0

I try to hash this password hoang1@H 3 times with 3 accounts using SHA256. But when I write this password to a file using FileWriter and BufferedWriter, there are 3 different strings. Why? Here is my code for SHA256 hashing:

public byte[] getSHA(String input) throws NoSuchAlgorithmException
{ 
    // Static getInstance method is called with hashing SHA 
    MessageDigest md = MessageDigest.getInstance("SHA-256"); 

    // digest() method called 
    // to calculate message digest of an input 
    // and return array of byte
    return md.digest(input.getBytes(StandardCharsets.UTF_8)); 
}

public String toHexString(byte[] hash)
{
    // Convert byte array into signum representation 
    BigInteger number = new BigInteger(1, hash); 

    // Convert message digest into hex value 
    StringBuilder hexString = new StringBuilder(number.toString(16)); 

    // Pad with leading zeros
    while (hexString.length() < 32) 
    { 
        hexString.insert(0, '0'); 
    } 

    return hexString.toString(); 
}
mtz1406
Hoàng Huy
  • Hashing is not encryption, and simple hashing of a password is not secure; you should at minimum salt and iterate the hash, and much better use an algorithm designed for password hashing like scrypt or argon2. Also SHA256 in hex is _64_ digits not 32. But your posted code is not runnable and does not reproduce the problem. – dave_thompson_085 Jan 09 '22 at 05:31
  • Thanks, I don't know about this and am just a newbie. So thanks for your advice! – Hoàng Huy Jan 09 '22 at 07:25
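
An added example (not code from the question or from any answer) of the distinction raised in the comment above: plain SHA-256 of the same password is deterministic and always 64 hex digits, while a salted, iterated hash differs per account by design yet still verifies. PBKDF2WithHmacSHA256 stands in for "salt and iterate" because it ships with the JDK; the iteration count, the 16-byte salt and the `iterations:salt:hash` record layout are assumptions of this example, and `HexFormat` needs Java 17 or later.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.HexFormat; // requires Java 17+
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class PasswordHashDemo {
    static final int ITERATIONS = 600_000; // assumed work factor; tune for your hardware
    static final HexFormat HEX = HexFormat.of();

    // Plain SHA-256: deterministic, always 32 bytes = 64 hex digits (leading zeros kept).
    static String sha256Hex(String input) throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        return HEX.formatHex(md.digest(input.getBytes(StandardCharsets.UTF_8)));
    }

    // PBKDF2-HMAC-SHA256: a salted, iterated construction available in the JDK.
    static byte[] pbkdf2(char[] password, byte[] salt, int iterations) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, iterations, 256);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword(); // wipe the spec's internal copy of the password
        }
    }

    // Stored record "iterations:saltHex:hashHex" (a layout made up for this example).
    static String hashForStorage(char[] password) throws Exception {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt); // fresh random salt per account
        return ITERATIONS + ":" + HEX.formatHex(salt) + ":"
                + HEX.formatHex(pbkdf2(password, salt, ITERATIONS));
    }

    // Recompute with the stored salt and iteration count, then compare in constant time.
    static boolean verify(char[] password, String stored) throws Exception {
        String[] p = stored.split(":");
        byte[] actual = pbkdf2(password, HEX.parseHex(p[1]), Integer.parseInt(p[0]));
        return MessageDigest.isEqual(HEX.parseHex(p[2]), actual);
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "hoang1@H".toCharArray(); // sample password from the question
        System.out.println(sha256Hex("hoang1@H").equals(sha256Hex("hoang1@H"))); // two plain runs
        String a = hashForStorage(pw), b = hashForStorage(pw); // two accounts, same password
        System.out.println(a.equals(b)); // records compared across accounts
        System.out.println(verify(pw, a) && verify(pw, b)); // both records checked
    }
}
```

If stored plain SHA-256 strings for one password differ between accounts, the bytes being hashed or the text being written differ; with a per-account salt, differing stored strings are the intended result.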

2 Answers

1

You should call md.reset() before reusing the MessageDigest instance. Just add it before md.digest(....).

mtz1406
  • It seems that nothing changed. – Hoàng Huy Jan 09 '22 at 05:07
  • Change the way that you convert your input to bytes to be like this: `md.digest(Base64.getDecoder().decode(input));` – mtz1406 Jan 09 '22 at 05:14
  • And use known code to convert to a hex string. You can find one here: https://stackoverflow.com/questions/9655181/how-to-convert-a-byte-array-to-a-hex-string-in-java – mtz1406 Jan 09 '22 at 05:16
  • The MessageDigest instance is not being reused, and I see no reason to think the input is base64. – dave_thompson_085 Jan 09 '22 at 05:32
  • Whatever, it is recommended to use Base64 instead of UTF-8 for this purpose. You could add a random byte array salt to your password. Check this: https://stackoverflow.com/questions/3866316/whats-the-difference-between-utf8-utf16-and-base64-in-terms-of-encoding – mtz1406 Jan 09 '22 at 05:57
  • *...using Base64 instead of UTF-8...* that makes no sense. – President James K. Polk Jan 09 '22 at 13:55
  • I don't agree. Check this discussion: https://stackoverflow.com/questions/27014578/should-i-use-base64-or-unicode-for-storing-hashes-salts – mtz1406 Jan 09 '22 at 16:33
1

Code

You can test/run this code on https://replit.com/@JomaCorpFX/JavaHashes

HashAlgorithm.java

public enum HashAlgorithm {

    SHA512("SHA-512"),
    SHA256("SHA-256"),
    SHA384("SHA-384"),
    SHA1("SHA-1"),
    MD5("MD5");

    // JCA algorithm name passed to MessageDigest.getInstance()
    private final String value;

    HashAlgorithm(String value) {
        this.value = value;
    }

    @Override
    public String toString() {
        return value;
    }

}

HexEncoder.java

import java.util.Formatter;

public class HexEncoder {
    // Two lowercase hex digits per byte, so leading zeros are never lost
    public static String toHex(byte[] data) {
        StringBuilder sb = new StringBuilder(data.length * 2);
        try (Formatter formatter = new Formatter(sb)) {
            for (byte b : data) {
                formatter.format("%02x", b);
            }
        }
        return sb.toString();
    }
}

HashManager.java

import java.security.MessageDigest;
import java.nio.charset.StandardCharsets;


public class HashManager {
    public static byte[] toRawHash(byte[] data, HashAlgorithm algorithm) throws Exception
    {
        byte[] buffer = data;
        MessageDigest messageDigest = MessageDigest.getInstance(algorithm.toString());
        messageDigest.reset();
        messageDigest.update(buffer);
        return messageDigest.digest();
    }

    public static String toHexHash(byte[] data, HashAlgorithm algorithm) throws Exception
    {
       return HexEncoder.toHex(toRawHash(data, algorithm));
    }

    public static String toHexHash(String data, HashAlgorithm algorithm) throws Exception
    {
       return toHexHash(data.getBytes(StandardCharsets.UTF_8), algorithm);
    }
}

Main.java

public class Main {
  public static void main(String[] args) throws Exception {
    String data = "grape";
    System.out.println(HashManager.toHexHash(data, HashAlgorithm.SHA256));
    System.out.println(HashManager.toHexHash(data, HashAlgorithm.SHA256));
    System.out.println(HashManager.toHexHash(data, HashAlgorithm.SHA256));
    System.out.println(HashManager.toHexHash(data, HashAlgorithm.SHA256));

  }
}


Joma