SHA1 hash generator in hex

[Al Murphy]

Folks,

I've written a SHA1 hasher that outputs in hexadecimal. Only problem
is though - it needs testing. But how can I be sure?

INPUT OUTPUT

password123 -3402539ff706354bf7c87b342e78b0899e72d569

Is this correct?

Can you have a look at the code below and let me know what you think?

Thanks,
Al.

*****CODE AS FOLLOWS*******

public void makeSHAHash()
{

strInput = jtfInput.getText();

try
{

// Generates a MessageDigest object that implements the SHA1 digest
algorithm
MessageDigest md = MessageDigest.getInstance("SHA");

// Resets the digest for further use
md.reset();

// copnvert the
byte[] buffer = strInput.getBytes();

// Updates the digest using the specified array of bytes
md.update(buffer);

// Completes the hash computation by performing final operations such
as padding
byte[] digest = md.digest();

// Convert the byte array to hexadecimal format
BigInteger bi = new BigInteger(digest);
String strHex = bi.toString(16);
jtfOutput.setText(strHex);
repaint();

}
catch(NoSuchAlgorithmException nsae)
{
nsae.printStackTrace();
}
catch(NumberFormatException nfe)
{
nfe.printStackTrace();
}

}// end makeSHA1Hash

 

[Daniel Schneller]

Folks,

I've written a SHA1 hasher that outputs in hexadecimal. Only problem
is though - it needs testing. But how can I be sure?

Any reason why you do not use java.security.MessageDigest?
If you really _need_ to write this yourself, you could at least use it
to verify your results.

MessageDigest.getInstance("sha1")

See also the javadoc for it.

Daniel

 

[Oscar kind]

I've written a SHA1 hasher that outputs in hexadecimal. Only problem
is though - it needs testing. But how can I be sure?

By reimplementing the SHA-1 algorithm. But why bother with that?
Alternatively, you can read the documentation (javadoc etc) to ensure that
the correct algorithm is specified by "SHA" (rather than "SHA1"), and then
argument why your code works correctly (it does as fas as I can tell).

After this, the only thing left to test is the conversion to hexadecimal.


[...]

// copnvert the
byte[] buffer = strInput.getBytes();

[...]

You may want to consider using getBytes("US-ASCII") or similar to ensure
that the hashes are the same regardless of the default character encoding
of the platform the code is executed on. Th


Oscar

 

[Daniel Schneller]

..... never mind ....
Anyone who can read has a clear advantage...

Sorry.

 

[Al Murphy]

[...]

// copnvert the
byte[] buffer = strInput.getBytes();

[...]

You may want to consider using getBytes("US-ASCII") or similar to ensure
that the hashes are the same regardless of the default character encoding
of the platform the code is executed on. Th

Thanks Oscar,

Overlook this. Problem is though - I'm getting negative hexadecimal
expressions. For example when I hash, say: "password123" I get:

-3402539ff706354bf7c87b342e78b0899e72d569

I don't like negative hex values. Isn't that wrong?

Confused,
Al.

 

[darkzak]

(I know this is a really old thread, but since it is one of the first hits I got on Google I am replying so the solution is here)

The correct hash for "password123" is:
cbfdac6008f9cab4083784cbd1874f76618d2a97

You shouldn't be getting negative hex values. Here is an article on converting byte arrays to hex correctly:
rgagnon.com/javadetails/java-0596.html

Example code:

import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException
...
public String makeSHA1Hash(String input)
		throws NoSuchAlgorithmException
	{
		MessageDigest md = MessageDigest.getInstance("SHA1");
		md.reset();
		byte[] buffer = input.getBytes();
		md.update(buffer);
		byte[] digest = md.digest();
		
		String hexStr = "";
		for (int i = 0; i < digest.length; i++) {
			hexStr +=  Integer.toString( ( digest[i] & 0xff ) + 0x100, 16).substring( 1 );
		}
		return hexStr;
	}