Is there any method to generate MD5 hash of a string in Java?
+17
A:
MessageDigest is your friend. Call getInstance("MD5") to get an MD5 message digest you can use.
Bombe
2009-01-06 09:47:52
+33
A:
The MessageDigest class can provide you with an instance of the MD5 digest.
Always when working with Strings and the crypto classes be sure to always specify the encoding you want the byte representation in. If you just us string.getBytes() it will use the platform default. (Not all platforms use the same defaults)
import java.security.*;
..
byte[] bytesOfMessage = yourString.getBytes("UTF-8");
MessageDigest md = MessageDigest.getInstance("MD5");
byte[] thedigest = md.digest(bytesOfMessage);
If you have a lot of data take a look at the .update(byte[]) method which can be called repeatedly. Then call .digest() to obtain the resulting hash.
koregan
2009-01-06 09:58:07
“LATIN1” != “ASCII” (or “US-ASCII”). ASCII is a 7-bit character set, Latin1 is an 8-bit character set. They are not the same.
Bombe
2009-01-07 07:57:02
Is there any reason why you don't want to use "UTF-8" here? UTF-8 can represent all characters and if you use LATIN1 here, it would result in many, many non-Latin Strings producing exactly the same digest, which is far from optimal.
Joachim Sauer
2009-01-07 09:57:24
Why, why, why do you explicitly warn to always specify the encoding and then explicitly pick the worst one available? Using Latin1, you're setting yourself up for very subtle bugs (it seems especially pointless when you can use UTF-8 just as easily).+1 for "specify encoding", -2 for "latin1"
Piskvor
2009-01-07 19:56:32
(see http://www.joelonsoftware.com/articles/Unicode.html for much better rationale and explanation)
Piskvor
2009-01-07 19:57:22
+7
A:
Bombe's answer is correct, however note that unless you absolutely must use MD5 (e.g. forced on you for interoperability), a better choice is SHA1 as MD5 has weaknesses for long term use.
I should add that SHA1 also has theoretical vulnerabilities, but not as severe. The current state of the art in hashing is that there are a number of candidate replacement hash functions but none have yet emerged as the standard best practice to replace SHA1. So, depending on your needs you would be well advised to make your hash algorithm configurable so it can be replaced in future.
frankodwyer
2009-01-06 10:07:59
Could you point me to some resources, where i can read about relative merits and weaknesses of each?
Akshay
2009-01-06 10:19:32
Probably the best you can do at the moment is use SHA1 and be ready to replace it in future. You could use newer functions but they have not yet been subject to great amounts of research. You could track online security resources to find out when this changes - for example Bruce Schneier's blog.
frankodwyer
2009-01-06 10:49:11
+14
A:
You might also want to look at the DigestUtils class of the apache commons codec project, which provides very convenient methods to create MD5 or SHA digests.
lutzh
2009-01-06 14:51:54
In particular, the methods which return "safe" encoded representations of the byte data in string form.
Rob
2009-01-07 19:21:45
+1
A:
Take a look at the following link, the Example gets an MD5 Hash of a supplied image: MD5 Hash of an Image
+14
A:
If you actually want the answer back as a string as opposed to a byte array, you could always do something like this:
String plaintext = 'your text here';
MessageDigest m = MessageDigest.getInstance("MD5");
m.reset();
m.update(plaintext.getBytes());
byte[] digest = m.digest();
BigInteger bigInt = new BigInteger(1,digest);
String hashtext = bigInt.toString(16);
// Now we need to zero pad it if you actually want the full 32 chars.
while(hashtext.length() < 32 ){
hashtext = "0"+hashtext;
}
+3
A:
MD5 is perfectly fine if you don't need the best security, and if you're doing something like checking file integrity then security is not a consideration. In such as case you might want to consider something simpler and faster, such as Adler32, which is also supported by the Java libraries.
+2
A:
I know I'm being a nit, but the second answer has a small typo: "MessageDigest,getInstance" has a coma instead of a period! And, I don't have enough rep. yet to edit or even comment on the answer.
abendigo
2009-05-26 03:28:16
A:
There is an article on JavaBlogging about that. Check out: http://www.javablogging.com/sha1-and-md5-checksums-in-java/
ppow
2009-11-11 20:34:38
A:
@Akshay: Google is not going to charge you for using its services... i think the problem with the code above is not the encoding, or the collisions, it's who's gonna use it... He's gonna be the flaw in that algorithm. Humanware bugs.
Luis Mesa
2010-06-10 22:52:09
A:
Here is one article about Java MD5 coding, check out: http://www.javarmi.com/2010/09/java-md5-example/
chisrsig
2010-09-18 19:45:55
A:
Here is how I use it:
final MessageDigest messageDigest = MessageDigest.getInstance("MD5");
messageDigest.reset();
messageDigest.update(string.getBytes(Charset.forName("UTF8")));
final byte[] resultByte = messageDigest.digest();
final string result = new String(Hex.encodeHex(resultByte));
where Hex is: org.apache.commons.codec.binary.Hex from the Apache Commons project
adranale
2010-10-01 10:28:05
If you use Apache Commons Codec anyway you can use: http://commons.apache.org/codec/api-release/org/apache/commons/codec/digest/DigestUtils.html#md5Hex(java.lang.String)
squiddle
2010-10-25 15:10:02