I need to store password digests within an Oracle8 table, with the password field mapped to a varChar(30 length) column. Can you suggest which MessageDigest (MD2, MD5 or SHA1) is more suitable? Also, how should I compare the input password and the original password digest that has been stored in the database?
Created May 7, 2012
You can find an example of using MessageDigest in the JavaDoc for the MessageDigest class.
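import java.security.MessageDigest;
import java.util.Arrays;
// digest() feeds the bytes in and returns the hash; update() alone returns void
MessageDigest md = MessageDigest.getInstance( "SHA");
byte[] digest1 = md.digest( thePasswordString.getBytes( encoding));
// readDigestFromDB is the application's own lookup of the stored digest bytes
byte[] digest2 = readDigestFromDB( userName);
boolean isEqual = Arrays.equals( digest1, digest2);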
Keep in mind that getting bytes from the String may not be safe for non-English languages because of different encoding.