will java messagedigest generated different MD5 hash on different jdk version?
I am using java message digest to create MD5 hash, which is used for authentication. The MD5 hash is stored in the database as varchar2. I did a test to create a user on my tomcat server on my local laptop. When I deployed the war to the test tomcat server on linux redhat, the authentication failed due to hash unmatched. I checked the user name and password: they are all correct. Both web server points to the same database.
I suspect the hash generated on my local laptop is different from the one generated by the test server. Am I right?
Below is the code with which I generated the hash.
public static String getMD5Hash(String str) throws Exception
{
MessageDigest md = MessageDigest.getInstance("MD5");
md.update(str.getBytes());
retur开发者_StackOverflow社区n new String(md.digest());
}
The String returned will be saved in the database table, which is defined below
create table authen(
passport varchar2(50),
constraint pk_au primary key (passport) USING INDEX TABLESPACE xxxxxxx
);
Here is the java version output on my laptop
C:\Users\XXXX>java -version
java version "1.6.0_25"
Java(TM) SE Runtime Environment (build 1.6.0_25-b06)
Java HotSpot(TM) Client VM (build 20.0-b11, mixed mode, sharing)
Here is the java version output on the redhat server
[xxxxxx@xxxxxxxxx ~]$ java -version
java version "1.6.0_20"
Java(TM) SE Runtime Environment (build 1.6.0_20-b02)
Java HotSpot(TM) Client VM (build 16.3-b01, mixed mode, sharing)
Its possible that you are using the default character set to generate the bytes you are passing into the MD5.digest()
method and that character set is different between your laptop and server.
That could be a reason why you are seeing different results. Otherwise, its not possible for it to generate different results.
For example --
byte[] bytesOfMessage = tempStr.getBytes("UTF-8"); // Maybe you're not using a charset here
MessageDigest md5 = MessageDigest.getInstance("MD5");
byte[] theDigest = md5.digest(bytesOfMessage);
Only if you feed different data into the MD5 digest. Once way to do that by accident would be to feed in hashCode values.
There is only one MD5 algorithm, and it will produce the same result everywhere on the same input.
Check whether your hash is salted. Salting means that the password is concatenated to another string, to increase hashing security (to undo the effect of rainbow tables).
It may be the case that your database hashes are salted: hence the difference between your (unsalted or wrong salted) MD5 hashes.
Every same input to the MD5 algorithm results in the same hash. That's the point of any hashing algorithm.
精彩评论