I need to store password digests within an Oracle8 table, with the password field mapped to a varChar(30 length) column. Can you suggest which MessageDigest (MD2, MD5 or SHA1) is more suitable? Also, how should I compare the input password and the original password digest that has been stored in the database?
You can find an example of using MessageDigest in the JavaDoc for the MessageDigest class.
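import java.security.MessageDigest;
import java.util.Arrays;
MessageDigest md = MessageDigest.getInstance("SHA");
// digest() hashes the bytes and returns the result; update() returns void
byte[] digest1 = md.digest(thePasswordString.getBytes(encoding));
byte[] digest2 = readDigestFromDB(userName);
boolean isEqual = Arrays.equals(digest1, digest2);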
Keep in mind that getting bytes from the String may not be safe for non-English languages because of different encodings.
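
The following is an added example, not part of the original answer. It shows how each digest from the question fits a 30-character column once encoded as text, and how to compare a login attempt against the stored value. The class and method names are hypothetical, the sample password is constructed, and it assumes Java 8 or later for `java.util.Base64`.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;

// Added example; class and method names are hypothetical.
public class PasswordDigestDemo {

    // Hash with an explicit charset so the result does not depend on the
    // platform default encoding (the non-English pitfall noted above).
    static byte[] digest(String algorithm, String password) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance(algorithm);
        return md.digest(password.getBytes(StandardCharsets.UTF_8));
    }

    // Text form for the VARCHAR column: Base64 is shorter than hex.
    static String toColumnValue(byte[] digest) {
        return Base64.getEncoder().encodeToString(digest);
    }

    // Compare a login attempt with the value read back from the column.
    static boolean matches(String algorithm, String attempt, String storedColumnValue)
            throws NoSuchAlgorithmException {
        byte[] expected;
        try {
            expected = Base64.getDecoder().decode(storedColumnValue);
        } catch (IllegalArgumentException e) {
            return false; // corrupted or truncated column value
        }
        // isEqual is a time-constant comparison in current JDKs, unlike Arrays.equals
        return MessageDigest.isEqual(digest(algorithm, attempt), expected);
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        String password = "p\u00e4ssw\u00f6rd-example"; // constructed sample, non-ASCII on purpose
        for (String alg : new String[] {"MD2", "MD5", "SHA-1"}) {
            byte[] d = digest(alg, password);
            String b64 = toColumnValue(d);
            System.out.printf("%-5s %2d bytes, hex %2d chars, Base64 %2d chars, fits in 30: %b%n",
                    alg, d.length, d.length * 2, b64.length(), b64.length() <= 30);
        }
        String stored = toColumnValue(digest("SHA-1", password));
        System.out.println("correct password matches: " + matches("SHA-1", password, stored));
        System.out.println("wrong password matches:   " + matches("SHA-1", "wrong guess", stored));
    }
}
```

Of the three, only the Base64 forms fit the column: hex needs 32 characters for MD2/MD5 and 40 for SHA-1. A salted, iterated scheme such as PBKDF2 (`SecretKeyFactory`) is the stronger choice for password storage, but the salt plus its output needs a wider column than 30 characters.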