0

Trying to create a secure login, I have decided to create an MD5 hash using the following code, adapted a small bit from "How can I generate an MD5 hash?"

However, this doesn't generate the same hash when the user is created as is created on the login page. Why is this, as I thought the hash was unique to each string?

    MessageDigest messageDigest = null;

    try{
        messageDigest = MessageDigest.getInstance("MD5");
    }catch(NoSuchAlgorithmException e){
        System.out.println("Error: " + e);
    }

    messageDigest.reset();
    messageDigest.update(inPassword.getBytes());
    byte[] digest = messageDigest.digest();
    BigInteger bigInt = new BigInteger(1, digest);
    String encodedPass = bigInt.toString(16);

    while (encodedPass.length() < 32) {
        encodedPass = "0" + encodedPass;
    }


    inPassword = encodedPass;
Matt

3 Answers

2

This is at least part of the problem:

    messageDigest.update(inPassword.getBytes());

That's using the platform default encoding to convert the password to bytes. That could vary on each system you run it on. I would strongly suggest you specify an encoding - ideally one which will cope with all Unicode characters (e.g. UTF-8).

You might also want to think about salting, and using something better than MD5, and I'm not sure about your conversion from byte[] to hex - it might be okay, but I'd find a library to just do the whole thing without using BigInteger.

Jon Skeet
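
The encoding mismatch described in the answer above, shown as an added example (not code from the question or from any answer): the same password is hashed under two explicit charsets to make the difference visible, then stored with a per-user salt using the JDK's PBKDF2WithHmacSHA256. The class name, the sample password and the iteration count are assumptions.

```java
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class PasswordEncodingDemo {
    // Hex-encode without BigInteger, so leading zero bytes are kept.
    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    // MD5 as in the question, but with the charset passed explicitly.
    static String md5Hex(String password, Charset charset) throws NoSuchAlgorithmException {
        return hex(MessageDigest.getInstance("MD5").digest(password.getBytes(charset)));
    }

    // Salted, iterated alternative: PBKDF2-HMAC-SHA256 from the JDK.
    static byte[] pbkdf2(char[] password, byte[] salt, int iterations)
            throws NoSuchAlgorithmException, InvalidKeySpecException {
        PBEKeySpec spec = new PBEKeySpec(password, salt, iterations, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    public static void main(String[] args) throws Exception {
        String password = "p\u00e4ssw\u00f6rd"; // constructed sample with non-ASCII characters

        // The same string gives different bytes, so different digests, per charset.
        System.out.println("ISO-8859-1: " + md5Hex(password, StandardCharsets.ISO_8859_1));
        System.out.println("UTF-8:      " + md5Hex(password, StandardCharsets.UTF_8));

        // Registration: random per-user salt, stored next to the hash.
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        int iterations = 210_000; // assumed work factor; tune for your hardware
        byte[] stored = pbkdf2(password.toCharArray(), salt, iterations);

        // Login: recompute with the stored salt and compare in constant time.
        byte[] attempt = pbkdf2(password.toCharArray(), salt, iterations);
        System.out.println("login ok:   " + MessageDigest.isEqual(stored, attempt));
    }
}
```

The two MD5 lines differ because `ä` and `ö` are one byte each in ISO-8859-1 and two bytes each in UTF-8; a password made only of ASCII characters would hide the problem.
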
0

Following is the complete code that you might need.

    import java.io.FileInputStream;
    import java.security.MessageDigest;

    public class MD5CheckSumExample
    {
        public static void main(String[] args) throws Exception
        {
            MessageDigest md = MessageDigest.getInstance("MD5");
            byte[] dataBytes = new byte[1024];

            // Stream the file through the digest; try-with-resources closes it
            try (FileInputStream fis = new FileInputStream("c:\\loging.log")) {
                int nread;
                while ((nread = fis.read(dataBytes)) != -1) {
                    md.update(dataBytes, 0, nread);
                }
            }
            byte[] mdbytes = md.digest();

            // Convert the bytes to hex format, method 1:
            // adding 0x100 forces three hex digits, substring(1) keeps the last two
            StringBuilder sb = new StringBuilder();
            for (int i = 0; i < mdbytes.length; i++) {
                sb.append(Integer.toString((mdbytes[i] & 0xff) + 0x100, 16).substring(1));
            }

            System.out.println("Digest(in hex format):: " + sb.toString());

            // Convert the bytes to hex format, method 2:
            // pad single-digit values with a leading zero
            StringBuilder hexString = new StringBuilder();
            for (int i = 0; i < mdbytes.length; i++) {
                String hex = Integer.toHexString(0xff & mdbytes[i]);
                if (hex.length() == 1) hexString.append('0');
                hexString.append(hex);
            }
            System.out.println("Digest(in hex format):: " + hexString.toString());
        }
    }

Anuj Patel
0

Try this, it works for me:

    messageDigest.update(myString.getBytes(), 0, myString.length());

The rest of your code seems correct. Hope it helps! :)

kobi-wan-kenobi