I need to store password digests within an Oracle8 table, with the password field mapped to a varChar(30 length) column. Can you suggest which MessageDigest (MD2, MD5 or SHA1) is more suitable? Also, how should I compare the input password and the original password digest that has been stored in the database?
Created May 7, 2012
Eugene Kuleshov
I would recommend using SHA or MD5 because they are included in every JDK from 1.1.x onward. If you need a comparison of digest hashing algorithms, look at "The Hashing Function Lounge".
You can find an example of using MessageDigest in the JavaDoc for the MessageDigest class.
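import java.security.MessageDigest;
import java.util.Arrays;

MessageDigest md = MessageDigest.getInstance("SHA");
// digest() hashes the bytes and returns the result; update() returns void
byte[] digest1 = md.digest(thePasswordString.getBytes(encoding));
byte[] digest2 = readDigestFromDB(userName); // digest stored for this user
boolean isEqual = Arrays.equals(digest1, digest2);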
Keep in mind that getting bytes from the String may not be safe for non-English languages because of different encodings.
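An added example, not part of the original answer: it shows how the digest can be made to fit the 30-character column from the question and then compared against the stored value. It assumes Java 8 or later (for java.util.Base64), a fixed UTF-8 encoding, and a Base64 text representation in the column; the class and method names are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;

public class PasswordDigestColumn {

    // Digest the password with an explicit charset and Base64-encode the result.
    // SHA-1 gives 20 bytes -> 28 Base64 characters, which fits VARCHAR(30);
    // the hex form would need 40 characters and would be truncated.
    // MD5 gives 16 bytes -> 24 Base64 characters (32 in hex).
    static String encodeDigest(String algorithm, String password)
            throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance(algorithm);
        byte[] digest = md.digest(password.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(digest);
    }

    // Compare a login attempt against the value read from the column.
    static boolean matches(String algorithm, String candidate, String storedColumn)
            throws NoSuchAlgorithmException {
        byte[] expected;
        try {
            expected = Base64.getDecoder().decode(storedColumn.trim());
        } catch (IllegalArgumentException e) {
            return false; // corrupt or truncated column value
        }
        byte[] actual = MessageDigest.getInstance(algorithm)
                .digest(candidate.getBytes(StandardCharsets.UTF_8));
        // MessageDigest.isEqual is time-constant in current JDKs,
        // unlike Arrays.equals, which stops at the first differing byte.
        return MessageDigest.isEqual(expected, actual);
    }

    public static void main(String[] args) throws Exception {
        String password = "p\u00e4ssw\u00f6rd"; // constructed sample, non-ASCII on purpose
        for (String alg : new String[] {"MD5", "SHA-1"}) {
            String stored = encodeDigest(alg, password);
            System.out.printf("%-5s length=%d fits30=%b match=%b wrong=%b%n",
                    alg, stored.length(), stored.length() <= 30,
                    matches(alg, password, stored),
                    matches(alg, "not-the-password", stored));
        }
    }
}
```

A single unsalted digest is what the 30-character column in the question allows; a salted, iterated scheme such as PBKDF2 stores a salt alongside the hash and needs a wider column.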