Distributed app, password hash
We have a distributed app and db table with users. Their passwords will be stored as hash values. App consists of win services, winforms, asp and java programs. One of the Java developers has a function that computes md5 hash for the string (with hardcoded key) and offers to use it everywhere else (which means importing java code to c# and multiplying over the apps that need it). Is that an ok idea? What would be your suggestions and what do people usually do in such cases?
P.S. We use Oracle db.
You could have all the apps pass the password to the DB and have a stored procedure in the DB that checks the given password against the stored hash.
There is a standard PL/SQL function for calculating hashes: DBMS_OBFUSCATION_TOOLKIT.MD5
You can find a more complete write-up of this method here: http://www.oracle-base.com/articles/9i/StoringPasswordsInTheDatabase9i.php
MD5 doesn't really have a key, as it's a hash, not an encryption. MD5 hashing is built in to both Java and C#.
What code does anybody need to write? It is at most a couple of lines in each implementation language... plus a handful of tests to check that everybody comes up with the same results, capitalisation etc.
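The cross-language consistency tests suggested in the last answer, sketched in Python as an added example (not code from the thread): each port of the hash function is run against the RFC 1321 MD5 test vectors plus one non-ASCII password, and mismatches are classified as a hex-case difference or a genuinely different digest. The UTF-8 / lowercase-hex convention, the function names and the two simulated "drifted" ports are assumptions made for illustration.

```python
import hashlib
import hmac

# MD5 appears here only because it is the hash the thread discusses.
# RFC 1321 test vectors (password -> lowercase hex digest).
VECTORS = {
    "": "d41d8cd98f00b204e9800998ecf8427e",
    "abc": "900150983cd24fb0d6963f7d28e17f72",
    "message digest": "f96b697d7cb7938d525a2f31aaf161d0",
}
# Constructed non-ASCII sample; its expected digest comes from the reference.
NON_ASCII = "p\u00e4ssw\u00f6rd"

def reference_md5(password: str) -> str:
    """Agreed convention (assumption): UTF-8 bytes in, lowercase hex out."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()

def utf16_upper_port(password: str) -> str:
    """Simulated port that drifted: UTF-16LE bytes and uppercase hex."""
    return hashlib.md5(password.encode("utf-16-le")).hexdigest().upper()

def upper_only_port(password: str) -> str:
    """Simulated port with the right bytes but uppercase hex output."""
    return reference_md5(password).upper()

def same_hash(a: str, b: str) -> bool:
    """Compare two hex digests ignoring case, in constant time."""
    return hmac.compare_digest(a.strip().lower().encode(),
                               b.strip().lower().encode())

def check_port(port) -> dict:
    """Return {password: problem} for every vector the port gets wrong."""
    expected = dict(VECTORS)
    expected[NON_ASCII] = reference_md5(NON_ASCII)
    problems = {}
    for password, want in expected.items():
        got = port(password)
        if got == want:
            continue
        problems[password] = ("case only" if same_hash(got, want)
                              else "different digest")
    return problems

if __name__ == "__main__":
    for port in (reference_md5, upper_only_port, utf16_upper_port):
        print(port.__name__, check_port(port))
```

The empty-string vector produces the same digest under every byte encoding, so it cannot catch an encoding mismatch on its own; the non-empty vectors are the ones that expose it.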