This is happening because cript.digest() returns a byte array, which you're trying to print out as a character String. You want to convert it to a printable Hex String.
This is happening because cript.digest() returns a byte array, which you're trying to print out as a character String. You want to convert it to a printable Hex String. Easy solution: Use Apache's commons-codec library: String password = new String(Hex.
EncodeHex(cript.digest()), CharSet. ForName("UTF-8")).
Couldn't edit your post but you're trying to call the CharSet constructor without a new for a static method. I wanted to remove the () but wouldn't let me. – stan229 Oct 24 '11 at 18:26 Fixed, thanks!
– Jason Nichols Oct 24 '11 at 21:03.
One iteration of a hash algorithm is not secure. It's too fast. You need to perform key strengthening by iterating the hash many times.
Furthermore, you are not salting the password. This creates a vulnerability to pre-computed dictionaries, like "rainbow tables. " Instead of trying to roll your own code (or using some sketchy third-party bloatware) to do this correctly, you can use code built-in to the Java runtime.
See this answer for details. Once you have hashed the password correctly, you'll have a byte. An easy way to convert this to a hexadecimal String is with the BigInteger class: String passwordHash = new BigInteger(1, cript.digest()).
ToString(16); If you want to make sure that your string always has 40 characters, you may need to do some padding with zeroes on the left (you could do this with String.format(). ).
1 for mentioning padding, as many forgets that. – The Elite Gentleman Dec 9 '10 at 17:05 1 @ro2k - Of course iteration is useful. That's why all password-based cryptographic standards use it.
Iterations linearly increase the time for a brute-force attack (which salt does nothing to deter). A password space that could be searched in hours if one iteration is used will take years if a few thousand iterations are used. – erickson Dec 9 '10 at 17:35.
This looks like it's what you want: java.happycodings.com/Core_Java/code11.html.
The crypt.digest() method returns a byte. This byte array is the correct SHA-1 sum, but crypto hashes are typically displayed to humans in hex form. Each byte in your hash will result in two hex digits.To safely convert a byte to hex use this: // %1$ == arg 1 // 02 == pad with 0's // x == convert to hex String hex = String.
Format("%1$02x", byteValue); See this link for converting char to hex: download.oracle.com/javase/tutorial/i18n... Note that working with bytes in Java is very error prone. I would double check everything and test some strange cases as well. Also you should consider using something stronger than SHA-1.
Digest() returns a byte array, which you're converting to a string using the default encoding. What you want to do is base64 encode it.
– thejh Dec 9 '10 at 16:48 1 Its as good an encoding scheme as any... – Visage Dec 9 '10 at 16:57.
You need to hex encode the result first. MessageDigest returns a "raw" hash, rather than a human readable one. Edit: @thejh provided a link to code which should work.
Personally, I'd suggest using either Bouncycastle or Apache Commons Codec to do the job. Bouncycastle would be good if you want to do any other crypto-related operations.
To use UTF-8, do this: userPass. GetBytes("UTF-8"); And to get a Base64 String from the digest, you can do something like this: this. Password = new BASE64Encoder().
Encode(cript.digest()); Since MessageDigest.digest() returns a byte array, you can convert it to String using Apache's Hex Encoding (simpler). E.g. This.
Password = Hex. EncodeHexString(cript.digest()).
I think that he wants hex encoding – thejh Dec 9 '10 at 16:47 @thejh, thanks...updated as such... – The Elite Gentleman Dec 9 '10 at 17:04.
Using apache common codec library: DigestUtils. ShaHex("aff") The result is 0c05aa56405c447e6678b7f3127febde5c3a9238 That's it :).
I cant really gove you an answer,but what I can give you is a way to a solution, that is you have to find the anglde that you relate to or peaks your interest. A good paper is one that people get drawn into because it reaches them ln some way.As for me WW11 to me, I think of the holocaust and the effect it had on the survivors, their families and those who stood by and did nothing until it was too late.