Spring Security Encrypt MD5

Accepted answer
Score: 48

I realize this is a little late, but Spring has built-in classes that make this a lot easier.

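// Imports assume JUnit 4 and the Spring Security 3.x/4.x package layout
import static org.junit.Assert.assertEquals;
import org.junit.Test;
import org.springframework.security.authentication.encoding.Md5PasswordEncoder;
import org.springframework.security.authentication.encoding.PasswordEncoder;

@Test
public void testSpringEncoder() {
    PasswordEncoder encoder = new Md5PasswordEncoder();
    // Second argument is the salt; null hashes the raw password only
    String hashedPass = encoder.encodePassword("koala", null);
    assertEquals("a564de63c2d0da68cf47586ee05984d7", hashedPass);
}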

This is a unit test that I wrote using the built-in Spring Security code; it is a lot smaller than the MessageDigest code, and since you are using Spring Security already, you should have the classes in your classpath already.

Score: 6

How are you creating your MD5 hashes? Something like the following works well in Java:

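import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

// Hash the encoded bytes: String.length() differs from the byte count for non-ASCII passwords
MessageDigest messageDigest = MessageDigest.getInstance("MD5");
byte[] passwordBytes = user.getPassword().getBytes(StandardCharsets.UTF_8);
String hashedPass = new BigInteger(1, messageDigest.digest(passwordBytes)).toString(16);
// BigInteger drops every leading zero, so pad until all 32 hex digits are back
while (hashedPass.length() < 32) {
    hashedPass = "0" + hashedPass;
}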

When you encode "koala" do you get "a564de63c2d0da68cf47586ee05984d7"?

Score: 5

Have you read the 6.3.3 Hashing and Authentication section from the Spring Security 3 reference manual? It mentioned some possible issues that you might encounter in using password hashing.

Some possibilities it listed:

  • Database password hash might be in Base64, while the result from MD5PasswordEncoder is in hexadecimal strings
  • Your password hash might be in upper-case, while the result from the encoder is in lower case strings
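
A diagnostic for the two mismatches listed above, as an added example that is not part of the original answers: it hashes a known password and reports which representation a stored value uses. The class and method names are hypothetical, the sample values are constructed from the "koala" hash quoted on this page, and Java 8+ is assumed for java.util.Base64.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;

// Hypothetical helper, not part of Spring Security.
public class Md5HashFormatCheck {

    // Lower-case, zero-padded hex of a digest.
    static String toHex(byte[] digest) {
        StringBuilder sb = new StringBuilder(digest.length * 2);
        for (byte b : digest) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    // Reports in which representation `stored` equals MD5(password), if any.
    static String classify(String password, String stored) throws NoSuchAlgorithmException {
        byte[] digest = MessageDigest.getInstance("MD5")
                .digest(password.getBytes(StandardCharsets.UTF_8));
        String hex = toHex(digest);
        String value = stored.trim(); // ignore surrounding whitespace from the database
        if (value.equals(hex)) {
            return "lower-case hex";
        }
        if (value.equalsIgnoreCase(hex)) {
            return "hex, but upper or mixed case";
        }
        if (value.equals(Base64.getEncoder().encodeToString(digest))) {
            return "Base64";
        }
        return "no match: different salt, charset, algorithm or password";
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Constructed samples: the "koala" hash quoted on this page in three
        // encodings, plus one unrelated value.
        String[] storedValues = {
            "a564de63c2d0da68cf47586ee05984d7",
            "A564DE63C2D0DA68CF47586EE05984D7",
            "pWTeY8LQ2mjPR1hu4FmE1w==",
            "not-a-hash"
        };
        for (String stored : storedValues) {
            System.out.println(stored + " -> " + classify("koala", stored));
        }
    }
}
```

If the stored values turn out to be Base64, Md5PasswordEncoder can be configured with setEncodeHashAsBase64(true) so that its output matches.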
