Hash Generation

Not all encoding systems are bidirectional. Some, such as JPEG, are inherently lossythe conversion process discards some data in the name of compression. MD5 and SHA, on the other hand, allow you to encode a particular stream of bytes to generate a hasha fingerprint of that stream of bytes. This hash is specifically intended to not allow you to decode back to the original data.

The precise use of this functionality is up to your application. For example, for security reasons, you may not want to store user passwords in your database as clear text but rather as an MD5 hash of the password. You may want to perform an MD5 hash of a file before sending it to someone and then send the hash in another email so the recipient can verify that the file sent is the same as the file received (you will often see reference to this on the Apache Software Foundation download pages). Many applications use an MD5 hash routine to generate serial numbers for registered users.

Regardless of your particular application, Apache Codec provides a simple, easy-to-use mechanism for generating MD5 and SHA hash values. Listing 12-8 shows how both a password and a bit of text can be converted to their hash values.

Listing 12-8. MD5 and SHA Digest Generation Source

 public static void hashEncodingDemo() {     String shakespeareText =         "ROMEO : \n"             + "Peace, peace, Mercutio, peace!\n"             + "Thou talk'st of nothing.\n"             + "\n"             + "MERCUTIO : \n"             + "True, I talk of dreams,\n"             + "Which are the children of an idle brain,\n"             + "Begot of nothing but vain fantasy,\n"             + "Which is as thin of substance as the air\n"             + "And more inconstant than the wind, who wooes\n"             + "Even now the frozen bosom of the north,\n"             + "And, being anger'd, puffs away from thence,\n"             + "Turning his face to the dew-dropping south.";     printHeader("Hash Encoding Demo");     String password_text = "my_password";     System.out.println("MD5 Password Encryption:");     String encryption_result =         DigestUtils.md5Hex(password_text);     System.out.println(encryption_result);     System.out.println(encryption_result.length());     System.out.println();     System.out.println("MD5 Document Fingerprint:");     encryption_result = DigestUtils.md5Hex(shakespeareText);     System.out.println(encryption_result);     System.out.println(encryption_result.length());     System.out.println();     System.out.println("SHA Password Encyption:");     encryption_result = DigestUtils.shaHex(password_text);     System.out.println(encryption_result);     System.out.println(encryption_result.length());     System.out.println();     System.out.println("SHA Document Fingerprint:");     encryption_result = DigestUtils.shaHex(shakespeareText);     System.out.println(encryption_result);     System.out.println(encryption_result.length()); } 

As can be seen from the results of the example, shown in Listing 12-9, MD5 generates 32-character-long hash codes. The hash is the same length for both a password less than 32 characters and a snippet of text much longer than 32 characters. SHA performs a similar function, taking a bit more time to generate a more sophisticated (and secure) 40-character hash.

Listing 12-9. MD5 and SHA Digest Generation Results

 ================================ Hash Encoding Demo ================================ MD5 Password Encryption: a865a7e0ddbf35fa6f6a232e0893bea4 32 MD5 Document Fingerprint: bf5dea92a8a43beee75a7d3f44b41cf4 32 SHA Password Encyption: 5eb942810a75ebc850972a89285d570d484c89c4 40 SHA Document Fingerprint: 7b810d5b8e4853c91071895117543cd1927a4604 40