Hashing using a text file

Question

I am trying to hash the content from my text file. The output shows nothing. Can someone help me with my code? It doesn't show any error with the code. Why there is no output? Can someone enlighten me?

UPDATE: Thanks for the help! I can't write the output to a new file? It shows this error of "The method write(int) in the type of dataoutputstream is not applicable for the type of argument (stringbuilder)" why I can't write into a new file?

import java.io.*; 
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Scanner;
public class Test {

public static void main(String[] args) throws Exception {  
        
    File file = new File("C:\\Users\\Tan\\Desktop\\Test.txt");
    Scanner scan = new Scanner(file);
    String strFilePath = ("C:\\Users\\Tan\\Desktop\\Encrpyt.txt");
            
        while(scan.hasNextLine()) {
            String password = scan.nextLine();
            MessageDigest md;
            //create FileOutputStream object
            FileOutputStream fos = new FileOutputStream(strFilePath);
            //To create DataOutputStream object from FileOutputStream us DataOutputStream(OutputStream os) constructor.
            DataOutputStream dos = new DataOutputStream(fos);
                try{
                    // Select the message digest for the hash computation -> SHA-256/MD5
                    md = MessageDigest.getInstance("SHA-256");

                    // Generate the random salt
                    SecureRandom random = new SecureRandom();
                    byte[] salt = new byte[16];
                    random.nextBytes(salt);

                    // Passing the salt to the digest for the computation
                    md.update(salt);

                    // Generate the salted hash
                    byte[] hashedPassword = md.digest(password.getBytes(StandardCharsets.UTF_8));
                    
                    StringBuilder sb = new StringBuilder();
                    for (byte b : hashedPassword)
                        sb.append(String.format("%02x", b));
                    //Print output
                    System.out.println(sb.toString());
                    dos.write(sb);
                    
                }
                     
                    catch (NoSuchAlgorithmException e)
                    {
                        // TODO Auto-generated catch block
                        e.printStackTrace();
                    }
                    
            }
            scan.close();
            
    } 
}

Answer 1

You're clearly attempting to safely store passwords.

MD5 is the wrong answer.

Hashing passwords is done with something like BCrypt or PBKDF. MD5 is relatively simple to reverse, and more to the point, can be massively optimized (and has been) on customized hardware. Even a cheap rig can literally hash billions of passwords a second. You want a hash algorithm that is intentionally a little slower, and more crucially, extremely hard to optimize on custom hardware.

BCrypt gets this job done, as do a few other algorithms (password hashing algorithms).

You can find a bcrypt impl off the shelf (such as from here) and they also clean up the API for you. There should only be 2 methods for any given password hashing library:

String v = hasher.createNewPassword(pass);

Which turns a password into a string that you store in the DB. The string contains everything (the hash and the salt), and the method does it all (including adding salt).

and

boolean check = hasher.passwordMatches(pass, v);

Which takes the password + the thing you got from createNewPassword before, and tells you whether these two are a match or not. It retrieves the salt from v, runs the hash algorithm on pass, and compares.

jbcrypt does that.

Answer 2

I think you are simply forgetting to print the output. As long as the file is in place, this runs correctly. Adding

...
// Already existing for statement 
for (byte b : hashedPassword)
   sb.append(String.format("%02x", b));
// Added print statement. 
System.out.println(sb.toString());
}
...

should fix your issue.

Answer 3

What is your expected output?

Did you forget to add a print statement like below after for loop

System.out.println("Output: " + sb.toString());