I need to store password digests within an Oracle8 table, with the password field mapped to a varChar(30 length) column. Can you suggest which MessageDigest(MD2, MD5 or SHA1) is more suitable? Also, how should I compare the input password and the original password digest that been stored in the database?

Created May 7, 2012

Eugene Kuleshov

I would like to recommend you to use SHA or MD5 because they are included into any JDK beginning from 1.1.x. If you need a comparsion of digest's hashing algorithms look at "The Hashing Function Lounge".

You can find example of using MessageDigest in JavaDoc for the MessageDigest class.

  MessageDigest md = MessageDigest.getInstance( "SHA");

  byte[] digest1 = md.update( thePasswordString.getBytes( encoding));

  byte[] digest2 = readDigestFromDB( userName);

  boolean isEqual = Arrays.equals( digest1, digest2);

Keep in mind that getting bytes from the Sring may not be safe for non English languages because of different encoding.

Advertiser Disclosure: Some of the products that appear on this site are from companies from which QuinStreet receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. QuinStreet does not include all companies or all types of products available in the marketplace.