Security101: MessageDigest Class

Security101: MessageDigest Class

In Java, message digest is represented by “ class”.

All main classes in package are instantiated using the factory method “getInstance()”.

This method takes the String parameter, which is the name of the algorithm used to calculate message digest. There are three algorithms supported by the default JDK security provider:

  • “SHA”
  • “MD2”
  • “MD5”

Here’s the sample code for calculating the message digest of the password (assuming that the variable pwd contains password text):

 MessageDigest md5 = MessageDigest.getInstance("MD5");byte[] pwdBytes = pwd.getBytes("latin1");md5.update(pwdBytes);byte[] msgDigestBytes = md5.digest();

You can store this in the database, and the next time a user logs in, you can calculate the message digest of that password and compare it to bytes in the database. Plus, the password text is not exposed in the database table.


Share the Post: