Wednesday, May 21, 2003 01:00 PM
You can't avoid the byte arrays. What you can
do is encode that array once you encrypt it, in order to send it over the wire in a URL.
Typical encodings are either ascii-coded-hex (my name for something that looks like "1342abf34244" in string form representing the bytes 0x13 0x42 0xab 0xf3 0x42 and 0x44) or uuencode/base64-encoding, which does some more complicated encoding but accomplishes the same thing.
MD5 is not encryption. It is called "digestion". That is, MD5 can create a 20-byte signature of any input that you give it. You can store "passwords" this way by getting the password's signature and putting it into a database. The only way for a user to authenticate against that password is to provide the original password which will be MD5'd and then compared against the stored password. MD5 is one-way only: you cann't reconstruct the original message from the digest.
Hope that helps,