...
The value that a hash function outputs is called the hash value; another term for it is message digest. A cryptographic hash function is computationally feasible to evaluate but computationally infeasible to invert. In practice this means that one can compute the hash value of a password but cannot recover the password from that hash value. Whether two passwords are equal can still be tested by comparing their hash values.
Java's MessageDigest class provides the functionality of various cryptographic hash functions. Be careful not to use a defective hash function such as MD5. Publications are often available when a hash function is proven defective. Hash functions such as SHA-1 and SHA-2 are maintained by the NSA and are currently considered safe.
It is also important to append a salt to the password you are hashing. A salt is a randomly generated piece of data that is stored along with the hash value. Using a salt helps prevent dictionary and brute-force attacks against the hash value, provided the salt is long enough. Each password should have its own salt. If a single salt were used for more than one password, two users would be able to see whether their passwords are the same.
The choice of hash function and salt length presents a trade-off between security and performance. If it takes longer to compute a hash value, a brute-force attack is slowed down, but so is the program when it validates passwords. If a longer salt is used, a brute-force attack is likewise slowed down, at the cost of the extra storage space the salt requires.
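The scheme described above, as an added example rather than code from this page: a per-user salt drawn from SecureRandom (16 bytes is an assumed length), SHA-256 (a SHA-2 family function) through MessageDigest, and a constant-time comparison when a login attempt is checked.

```java
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;

public final class SaltedPasswordHash {
    private static final int SALT_BYTES = 16;          // assumed salt length
    private static final String ALGORITHM = "SHA-256"; // SHA-2 family member
    private static final SecureRandom RNG = new SecureRandom();

    /** What gets stored per user: the salt and the digest of (salt || password). */
    public static final class Record {
        public final byte[] salt;
        public final byte[] digest;
        Record(byte[] salt, byte[] digest) { this.salt = salt; this.digest = digest; }
    }

    /** Digest salt followed by the UTF-8 bytes of the password, wiping the temporary copy. */
    private static byte[] digest(byte[] salt, char[] password) {
        ByteBuffer buf = StandardCharsets.UTF_8.encode(CharBuffer.wrap(password));
        byte[] pw = new byte[buf.remaining()];
        buf.get(pw);
        try {
            MessageDigest md = MessageDigest.getInstance(ALGORITHM);
            md.update(salt);
            md.update(pw);
            return md.digest();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(ALGORITHM + " not available", e);
        } finally {
            Arrays.fill(pw, (byte) 0); // do not leave the plaintext bytes in memory
        }
    }

    /** Create a fresh salt for this password; two users never share one. */
    public static Record create(char[] password) {
        byte[] salt = new byte[SALT_BYTES];
        RNG.nextBytes(salt);
        return new Record(salt, digest(salt, password));
    }

    /** Recompute with the stored salt and compare in constant time. */
    public static boolean verify(Record stored, char[] attempt) {
        return MessageDigest.isEqual(stored.digest, digest(stored.salt, attempt));
    }
}
```

Hashing the same password twice with create() yields two different digests because each call draws a new salt, which is exactly what stops two users from learning that their passwords coincide.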
Noncompliant Code Example
...