Implimentation for MD5 Message Digest for Passwords in Java

Question

We made a system for a school project and our professor told us not to have passwords stored in plain text in the database. She wants us to encrypt these passwords for security since our system will be handling a lot of confidential data. So we decided to use MD5 for making a hash of the passwords the problem is I don't really get how we would implement it in the login process.

Answer 1

Welcome to SO. I think there a post similar to yours has already been answered but I'll give you how I solved it.

private String encryptPassword(String password) throws NoSuchAlgorithmException{

    MessageDigest md = MessageDigest.getInstance("MD5");
    md.update(password.getBytes());
    byte[] digest = md.digest();
    StringBuilder stringBuilder = new StringBuilder();
    for (byte b : digest) {
        stringBuilder.append(String.format("%02x", b & 0xff));
    }

    return stringBuilder.toString();
}

As you can see the method above that's how I encrypted the password which is a string passed through the parameters. MD5 is a one way encryption so there would be no way for you to decrypt it with Java but there are a few tools.

So what you should do is have the password converted when a user is registering(assuming you can add users in your system) then storing the converted value in the database as as string(varchar or text). Then when you want to login use the same method again then compare the result with whatever password is in the database. These generations aren't random so if you enter like "123" the generated hash will be the same everytime.