...
This code is incorrect because it decrypts the password stored in credentials.txt. An attacker could potentially decrypt this file to find out what the password is. This attacker could be someone knows or has figured out the encryption scheme being used by the program.
Compliant Solution
| Code Block |
|---|
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
/** Example hash function values.*/
public final class HashExamples {
public static void main(String... aArgs) {
try {
MessageDigest sha = MessageDigest.getInstance("SHA-1");
byte[] hashOne = sha.digest("color".getBytes());
log("Hash of 'color': " + hexEncode(hashOne));
sha.reset();
byte[] hashTwo = sha.digest("colour".getBytes());
log("Hash of 'colour': " + hexEncode(hashTwo));
}
catch (NoSuchAlgorithmException ex){
log("No such algorithm found in JRE.");
}
}
}
|