0

I am quite new in Android development and hereby I would like to ask you for some help. Basically I have created the text fields of a Android Log-in page (username field & password field) and it works well without hashing a password. But now I want to use SHA256. My knowledge is still not enough to put those two together. So as follows:

public static String SHA256 (String text) throws NoSuchAlgorithmException {

    MessageDigest md = MessageDigest.getInstance("SHA-256");

    md.update(text.getBytes());
    byte[] digest = md.digest();

    String hashedpass = Base64.encodeToString(digest, Base64.DEFAULT);
}


private JSONObject buidJsonObject() throws JSONException {

    JSONObject jsonObject = new JSONObject();
    jsonObject.accumulate("Username", etName.getText().toString()); // <- here I get directly what I have typed in
    jsonObject.accumulate("Password", hashedpass); // <- here I want to have it hashed with SHA256. 

    return jsonObject;
}

Could you help me with these? Thank you

Phantômaxx
  • 37,901
  • 21
  • 84
  • 115
V B
  • 27
  • 4
  • looks like you are missing Java basics about how to use methods – Vladyslav Matviienko Nov 09 '18 at 08:31
  • yes, this is true – V B Nov 09 '18 at 08:33
  • this means that you should pass some basic Java training before starting something like you are trying to achieve. If you don't do that, you will get 1000 more questions like this. – Vladyslav Matviienko Nov 09 '18 at 08:34
  • yes, thank you for your advise. I do this in the moment, my problem is to understand the definitions public/static/private and what can be used where. It is quite different than embedded C – V B Nov 09 '18 at 08:37
  • Do you send this login info to a server? What do you then hope to gain by hashing the password? – Henry Nov 09 '18 at 09:27
  • I send this to a server and when I do not use public static String SHA256 it works fine. But I want to hash it due to protection purposes – V B Nov 09 '18 at 09:36
  • @VB "_yes, thank you for your advise. I do this in the moment, my problem is to understand the definitions public/static/private and what can be used where_" That "understanding" is what you should get from some basic Java training. – TripeHound Nov 09 '18 at 10:04
  • You don't really protect anything when hashing the password. If the server lets you log in with the hash instead of the password an attacker would just use the hash that goes over the line. There is then no need to know the password. – Henry Nov 09 '18 at 10:05

0 Answers0