1

I'm trying to convert two strings from a String List into MD5 message digests.

My String List is called "usernamepassword".

    try {
        MessageDigest mdg = MessageDigest.getInstance("MD5");

        mdg.update(usernamepassword.get(0).getBytes(), 0, usernamepassword.get(0).length());
        mdg.update(usernamepassword.get(1).getBytes(), 1, usernamepassword.get(0).length());

    } catch (NoSuchAlgorithmException ex) {
        Logger.getLogger(UPCheck.class.getName()).log(Level.SEVERE, null, ex);
    }

My question is -

A: Is that the correct way of doing it?

B: How would I return it so I could use each individual MD5 hash in another class?

David Jackson

2 Answers

5

A: Is that the correct way of doing it?

No, for four reasons:

1) You're using the default character encoding, instead of specifying a particular encoding. I'd recommend using UTF-8.

2) You're currently using the length of the string in characters to specify how many bytes to use.

3) If you want separate digests (one per string) you should use a separate MessageDigest instance for each one, or call reset between calls.

4) You're not actually doing anything with the digests at the moment.

I suggest you extract the "MD5 of a string in a particular encoding" into a separate method:

    public static byte[] getMd5OfUtf8(String text) {
        try {
            MessageDigest digest = MessageDigest.getInstance("MD5");
            return digest.digest(text.getBytes("UTF-8"));
        } catch (NoSuchAlgorithmException ex) {
            throw new RuntimeException("No MD5 implementation? Really?");
        } catch (UnsupportedEncodingException ex) {
            throw new RuntimeException("No UTF-8 encoding? Really?");
        }
    }

Then you can call it for each of the list elements you're interested in - it's not clear what you're trying to do with the digests afterwards, but you probably want them separately...

EDIT: As noted in comments, MD5 really isn't a great hash choice these days. Something like SHA-256 with a salt would be better, but for real secure applications you should probably read some modern literature on the topic. (I'm not an expert so don't want to sound too authoritative.)

Jon Skeet
  • 5) You're using MD5, an algorithm with known vulnerabilities, short fast output, and no salt, for passwords – SLaks Mar 10 '13 at 20:10
  • Thanks @JonSkeet - Will read into it more. I followed a couple of YouTube videos but they seem to have led me astray. – David Jackson Mar 10 '13 at 20:12
  • @SLaks - As the program won't be published, I'm not too bothered which encryption method I use. But thanks for the heads up! – David Jackson Mar 10 '13 at 20:12
  • @SLaks: True, will add that part. – Jon Skeet Mar 10 '13 at 20:16
  • Thanks @JonSkeet. I plan to use the hashes in another class to verify that the entered details (username & pw) are correct. – David Jackson Mar 10 '13 at 20:23
  • @DavidJackson: Do you really need to hash the username? A more common approach is to only hash the password (with a salt) and preserve the username in plaintext. – Jon Skeet Mar 10 '13 at 20:24
  • Come to think of it, it's not a necessity. If I was to implement the method as you suggested, how would I use it on the second String in my list? (usernamepassword.get(1)) I understand that the method you wrote above creates the MD5 digest from the String text. Thanks for explaining it. – David Jackson Mar 10 '13 at 20:33
  • I don't want to seem as if I'm trying to make you do it. So I'm attempting it myself. If I was to save (usernamepassword.get(1)) as a String and then call it in the method, that would work? – David Jackson Mar 10 '13 at 20:38
  • @DavidJackson: You don't even need the password as a separate variable: `byte[] passwordDigest = getMd5OfUtf8(usernamepassword.get(1));` Although I'd advise you to use a salt, as mentioned before. Why do you have the username and password as a list anyway? Why not two separate variables? – Jon Skeet Mar 10 '13 at 20:42
  • I followed a tutorial on the web. It gave you a basic frame to work from. The program includes a text file which has the users name and pw (these are split and then put into an array). It's my task to "attempt" to make it secure by using different methods. – David Jackson Mar 10 '13 at 20:47
1

Use the DigestUtils class from Apache Commons. Several utility methods will help you to compute/display an MD5 or some other common hash functions.

aymeric