Here's how I do it - and I generally use "SHA" as my algorithm:

    /**
     * Encode a string using algorithm specified in web.xml and return the
     * resulting encrypted password. If exception, the plain credentials
     * string is returned
     *
     * @param password Password or other credentials to use in authenticating
     *        this username
     * @param algorithm Algorithm used to do the digest
     *
     * @return encrypted password
     */
    public static String encodePassword(String password, String algorithm) {
        byte[] unencodedPassword = password.getBytes();

        MessageDigest md = null;

        try {
            // first create an instance, given the provider
            md = MessageDigest.getInstance(algorithm);
        } catch (Exception e) {
            log.error("Exception: " + e);

            return password;
        }

        md.reset();

        // call the update method one or more times
        // (useful when you don't know the size of your data, eg. stream)
        md.update(unencodedPassword);

        // now calculate the hash
        byte[] encodedPassword = md.digest();

        StringBuffer buf = new StringBuffer();

        for (int i = 0; i < encodedPassword.length; i++) {
            if (((int) encodedPassword[i] & 0xff) < 0x10) {
                buf.append("0");
            }

            buf.append(Long.toString((int) encodedPassword[i] & 0xff, 16));
        }

        return buf.toString();
    }

-----Original Message-----
From: Jeff Sexton [mailto:[EMAIL PROTECTED]
Sent: Thursday, May 29, 2003 4:25 PM
To: [EMAIL PROTECTED]
Subject: Alternate password encyption code?

I need to use my own bit of java to encrypt passwords for a JDBCRealm. I have no idea what approach is best to take with this, anyone have any suggestions?

Thanks

Jeff Sexton
The ODS Companies
[EMAIL PROTECTED]

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]