...
This code example implements the SHA-1 hash function through the MessageDigest class in order to compare hash values instead of cleartext strings. While this fixes the above decryption problem, at runtime this code may inadvertently store the passwords as cleartext. This is due to the fact that the pass arguments may not be cleared from memory by the Java garbage collector. See MSC10-J. Limit the lifetime of sensitive data, for more information.
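One way to keep the password out of uncollected String objects is to hold it only in arrays that are overwritten after use; the following is an added example, not code from the original page. It assumes a hypothetical PasswordCheck class with hash and verify methods, a 12-byte random salt, and SHA-256 in place of the page's SHA-1.

```java
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;

public final class PasswordCheck { // hypothetical class, not from the page
    // Hash salt || password without ever holding the password in a String.
    static byte[] hash(char[] password, byte[] salt) throws NoSuchAlgorithmException {
        // Encode through buffers: the only byte copy is one we can overwrite.
        ByteBuffer encoded = StandardCharsets.UTF_8.encode(CharBuffer.wrap(password));
        try {
            MessageDigest md = MessageDigest.getInstance("SHA-256"); // assumption: the page uses SHA-1
            md.update(salt);
            md.update(encoded);
            return md.digest();
        } finally {
            if (encoded.hasArray()) Arrays.fill(encoded.array(), (byte) 0);
        }
    }

    // Checks an attempt against the stored hash, then wipes the attempt.
    static boolean verify(char[] attempt, byte[] salt, byte[] storedHash)
            throws NoSuchAlgorithmException {
        byte[] candidate = null;
        try {
            candidate = hash(attempt, salt);
            return MessageDigest.isEqual(candidate, storedHash);
        } finally {
            Arrays.fill(attempt, '\0'); // caller's array is cleared, not left for the GC
            if (candidate != null) Arrays.fill(candidate, (byte) 0);
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] salt = new byte[12]; // constructed sample values below
        new SecureRandom().nextBytes(salt);
        // Literals are for the demo only; real input would be a char[] from Console.readPassword().
        char[] enrolled = "correct horse".toCharArray();
        byte[] stored = hash(enrolled, salt);
        Arrays.fill(enrolled, '\0');
        char[] good = "correct horse".toCharArray();
        char[] bad = "wrong horse".toCharArray();
        System.out.println("match: " + verify(good, salt, stored));
        System.out.println("mismatch accepted: " + verify(bad, salt, stored));
        System.out.println("attempt wiped: " + (good[0] == '\0'));
    }
}
```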
Compliant Solution
...