...
This code examples implements the SHA-1 hash function through the MessageDigest class in order to compare hash values instead of cleartext strings. While this fixes the above decryption problem, at runtime this code may inadvertently store the passwords as cleartext. This is due to the fact that the pass arguments may not be cleared from memory by the Java garbage collector. See "MSC10-J. Limit the lifetime of sensitive data", for more information.
Compliant Solution
...
| Wiki Markup |
|---|
\[[API 2006|AA. Bibliography#API 06]\] Class {{java.security.MessageDigest}} |