tags:

views:

21525

answers:

13

Is there any method to generate MD5 hash of a string in Java?

+17  A: 

MessageDigest is your friend. Call getInstance("MD5") to get an MD5 message digest you can use.

Bombe
+33  A: 

The MessageDigest class can provide you with an instance of the MD5 digest.

Always when working with Strings and the crypto classes be sure to always specify the encoding you want the byte representation in. If you just us string.getBytes() it will use the platform default. (Not all platforms use the same defaults)

import java.security.*;

..

byte[] bytesOfMessage = yourString.getBytes("UTF-8");

MessageDigest md = MessageDigest.getInstance("MD5");
byte[] thedigest = md.digest(bytesOfMessage);

If you have a lot of data take a look at the .update(byte[]) method which can be called repeatedly. Then call .digest() to obtain the resulting hash.

koregan
“LATIN1” != “ASCII” (or “US-ASCII”). ASCII is a 7-bit character set, Latin1 is an 8-bit character set. They are not the same.
Bombe
Is there any reason why you don't want to use "UTF-8" here? UTF-8 can represent all characters and if you use LATIN1 here, it would result in many, many non-Latin Strings producing exactly the same digest, which is far from optimal.
Joachim Sauer
Why, why, why do you explicitly warn to always specify the encoding and then explicitly pick the worst one available? Using Latin1, you're setting yourself up for very subtle bugs (it seems especially pointless when you can use UTF-8 just as easily).+1 for "specify encoding", -2 for "latin1"
Piskvor
(see http://www.joelonsoftware.com/articles/Unicode.html for much better rationale and explanation)
Piskvor
+7  A: 

Bombe's answer is correct, however note that unless you absolutely must use MD5 (e.g. forced on you for interoperability), a better choice is SHA1 as MD5 has weaknesses for long term use.

I should add that SHA1 also has theoretical vulnerabilities, but not as severe. The current state of the art in hashing is that there are a number of candidate replacement hash functions but none have yet emerged as the standard best practice to replace SHA1. So, depending on your needs you would be well advised to make your hash algorithm configurable so it can be replaced in future.

frankodwyer
Could you point me to some resources, where i can read about relative merits and weaknesses of each?
Akshay
Probably the best you can do at the moment is use SHA1 and be ready to replace it in future. You could use newer functions but they have not yet been subject to great amounts of research. You could track online security resources to find out when this changes - for example Bruce Schneier's blog.
frankodwyer
+1  A: 

Weakness of hash algorithms:

Rogue attack of SSL Certificates MD5 collisions

furtelwart
+14  A: 

You might also want to look at the DigestUtils class of the apache commons codec project, which provides very convenient methods to create MD5 or SHA digests.

lutzh
In particular, the methods which return "safe" encoded representations of the byte data in string form.
Rob
+1  A: 

Take a look at the following link, the Example gets an MD5 Hash of a supplied image: MD5 Hash of an Image

+14  A: 

If you actually want the answer back as a string as opposed to a byte array, you could always do something like this:

String plaintext = 'your text here';
MessageDigest m = MessageDigest.getInstance("MD5");
m.reset();
m.update(plaintext.getBytes());
byte[] digest = m.digest();
BigInteger bigInt = new BigInteger(1,digest);
String hashtext = bigInt.toString(16);
// Now we need to zero pad it if you actually want the full 32 chars.
while(hashtext.length() < 32 ){
  hashtext = "0"+hashtext;
}
@BalusC: Not true, the BigInteger.toString method will return the full number in the base specified.0x0606 will be printed as 606, just trailing zeros are omitted,
Spidey
@Spidey: I see, thanks.
BalusC
+3  A: 

MD5 is perfectly fine if you don't need the best security, and if you're doing something like checking file integrity then security is not a consideration. In such as case you might want to consider something simpler and faster, such as Adler32, which is also supported by the Java libraries.

+2  A: 

I know I'm being a nit, but the second answer has a small typo: "MessageDigest,getInstance" has a coma instead of a period! And, I don't have enough rep. yet to edit or even comment on the answer.

abendigo
Now you have enough rep :-)
Bas
A: 

There is an article on JavaBlogging about that. Check out: http://www.javablogging.com/sha1-and-md5-checksums-in-java/

ppow
A: 

@Akshay: Google is not going to charge you for using its services... i think the problem with the code above is not the encoding, or the collisions, it's who's gonna use it... He's gonna be the flaw in that algorithm. Humanware bugs.

Luis Mesa
A: 

Here is one article about Java MD5 coding, check out: http://www.javarmi.com/2010/09/java-md5-example/

chisrsig
A: 

Here is how I use it:

    final MessageDigest messageDigest = MessageDigest.getInstance("MD5");
    messageDigest.reset();
    messageDigest.update(string.getBytes(Charset.forName("UTF8")));
    final byte[] resultByte = messageDigest.digest();
    final string result = new String(Hex.encodeHex(resultByte));

where Hex is: org.apache.commons.codec.binary.Hex from the Apache Commons project

adranale
If you use Apache Commons Codec anyway you can use: http://commons.apache.org/codec/api-release/org/apache/commons/codec/digest/DigestUtils.html#md5Hex(java.lang.String)
squiddle