Friday, June 05, 2009

MD5 hash

This morning I read a blog post discussing how to keep a password secure. The usual way to store a password is to hash it with MD5 first and store the hash in a db. The benefit of using MD5 is that the hash cannot be reversed to recover the password.

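Here's how you code it in Java:

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
// update() takes bytes, not a String, so encode the password explicitly
MessageDigest md = MessageDigest.getInstance("MD5");
md.update("your password here".getBytes(StandardCharsets.UTF_8));
byte[] hashed = md.digest();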


To convert it to hex, here's the code (actually I got it from here):



One more tip: for better security, you might consider adding a salt before hashing the password to make it less vulnerable. The change looks like this:

md.update(("The salt" + "your password here").getBytes(StandardCharsets.UTF_8));

"The salt" here should be created dynamically and stored along with the hashed password to be used later.
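
The salted scheme described above, as an added example (not code from the original post or from the pages it links to): a random salt is generated for each password, stored next to the hash, and reused when a login attempt is checked. The class name, the `salt:hash` record format and the sample passwords are assumptions; MD5 is kept only because the post uses it, and a deliberately slow function such as PBKDF2 is the usual choice for password storage today.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;

public class SaltedPasswordDemo {
    // "MD5" is the post's choice; this name is the only thing to change for another digest.
    static final String ALGORITHM = "MD5";
    static final SecureRandom RANDOM = new SecureRandom();
    static String toHex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) sb.append(String.format("%02x", b));
        return sb.toString();
    }
    static byte[] fromHex(String hex) {
        byte[] out = new byte[hex.length() / 2];
        for (int i = 0; i < out.length; i++)
            out[i] = (byte) Integer.parseInt(hex.substring(2 * i, 2 * i + 2), 16);
        return out;
    }
    // Digest over salt bytes followed by the UTF-8 bytes of the password.
    static byte[] hash(byte[] salt, String password) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance(ALGORITHM);
        md.update(salt);
        md.update(password.getBytes(StandardCharsets.UTF_8));
        return md.digest();
    }

    // A fresh 16-byte random salt per password; the db column holds "<salt hex>:<hash hex>".
    static String createRecord(String password) throws NoSuchAlgorithmException {
        byte[] salt = new byte[16];
        RANDOM.nextBytes(salt);
        return toHex(salt) + ":" + toHex(hash(salt, password));
    }

    // Re-hash the candidate with the stored salt and compare with the stored hash.
    static boolean verify(String record, String candidate) throws NoSuchAlgorithmException {
        String[] parts = record.split(":");
        if (parts.length != 2) return false; // malformed record
        return MessageDigest.isEqual(fromHex(parts[1]), hash(fromHex(parts[0]), candidate));
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Constructed sample values: the same password stored twice gets two different records.
        String a = createRecord("constructed-sample-password");
        String b = createRecord("constructed-sample-password");
        System.out.println("records equal:  " + a.equals(b));
        System.out.println("right password: " + verify(a, "constructed-sample-password"));
        System.out.println("wrong password: " + verify(a, "wrong-guess"));
    }
}
```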


An excellent post on a secure password scheme can be found here.
