MD5 and SHA Hashing in Java
MD5 is one of the series of algorithms developed by Professor Ronaled Rivest at MIT University (Rivest, 1994). When work indicated that MD4 was likely unsafe, MD5 was designed to replace MD4. The weaknesses of MD4 were later found by Hans Dobbertin.This tutorial explains how to hash a string, frequently passwords for security reasons using two hashing methods MD5 and SHA-256. Hashing allows you to encode in one direction only, and this is its greatest advantage, so the hash is irreversible, unlike encryption, which uses a key for encryption and decryption.
The SHA hash functions were designed by the US National Security Agency (NSA). SHA stands for Secure Hash Algorithm. The three SHA algorithms are structured differently and are distinguished by SHA-0, SHA-1, and SHA-2. The SHA-2 family uses an identical algorithm with a variable digest size that is distinguished by SHA-224, SHA-256, SHA-384, and SHA-512.
Hashing a String with MD5
In this example, we hash a password with the MD5.import java.security.MessageDigest;Output:
public class md5_java
{
public static void main(String[] args)throws Exception
{
String password = "123456789";
MessageDigest md = MessageDigest.getInstance("MD5");
md.update(password.getBytes());
byte byteData[] = md.digest();
//convert bit array to hexadecimal format - method 1
StringBuffer sb = new StringBuffer();
for (int i = 0; i < byteData.length; i++) {
sb.append(Integer.toString((byteData[i] & 0xff) + 0x100, 16).substring(1));
}
System.out.println("In hexa format: " + sb.toString());
//convert bitarray to hexadecimal format - method 2
StringBuffer hexString = new StringBuffer();
for (int i=0; i< byteData.length; i++) {
String hex=Integer.toHexString(0xff & byteData[i]);
if(hex.length()==1) hexString.append('0');
hexString.append(hex);
}
System.out.println("In hexa format: " + hexString.toString());
}
}
In hexa format: 25f9e794323b453885f5181f1b624d0b
In hexa format: 25f9e794323b453885f5181f1b624d0b
Why should we use SHA-256 instead of MD5
The security of MD5 has been seriously compromised, its weaknesses having been exploited on the ground. Using MD5 for passwords is a bad idea because it is not a secure way. You should always use SHA for sensitive data like user passwords.import java.security.MessageDigest;Output:
public class sha_java
{
public static void main(String[] args)throws Exception
{
String password = "123456789";
MessageDigest md = MessageDigest.getInstance("SHA-256");
md.update(password.getBytes());
byte byteData[] = md.digest();
//convert bit array to hexadecimal format - method 1
StringBuffer sb = new StringBuffer();
for (int i = 0; i < byteData.length; i++) {
sb.append(Integer.toString((byteData[i] & 0xff) + 0x100, 16).substring(1));
}
System.out.println("In hexa format: " + sb.toString());
//convert bitarray to hexadecimal format - method 2
StringBuffer hexString = new StringBuffer();
for (int i=0; i< byteData.length; i++) {
String hex=Integer.toHexString(0xff & byteData[i]);
if(hex.length()==1) hexString.append('0');
hexString.append(hex);
}
System.out.println("In hexa format: " + hexString.toString());
}
}
In hexa format: 15e2b0d3c33891ebb0f1ef609ec419420c20e320ce94c65fbc8c3312448eb225
In hexa format: 15e2b0d3c33891ebb0f1ef609ec419420c20e320ce94c65fbc8c3312448eb225
References:
https:// en.wikipedia.org/wiki/MD5
https://en.wikipedia.org/wiki/Secure_Hash_Algorithm
How weak is MD5 as a password hashing function?