...
This noncompliant code example uses the SHA-256 hash function through the MessageDigest class to compare hash values instead of cleartext strings. It uses SecureRandom to generate a strong salt, as recommended by MSC02-J. Generate strong random numbers. However, it uses a String to store the password:
...
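For contrast with the String-based handling described above, the following added example (not code from the original page) keeps the password in a char[] from input to digest and clears it after use, because a String is immutable and cannot be wiped. The class and method names are hypothetical and the sample passwords are constructed; a real program would typically obtain the char[] from Console.readPassword().

```java
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;

// Hypothetical class: salted SHA-256 over a char[] password, no String copy.
public final class SaltedDigestDemo {
    static byte[] newSalt() {
        byte[] salt = new byte[16];            // 128-bit random salt
        new SecureRandom().nextBytes(salt);
        return salt;
    }

    // Computes SHA-256(salt || UTF-8(password)), then zeroes the encoded copy.
    static byte[] hash(char[] password, byte[] salt) throws NoSuchAlgorithmException {
        ByteBuffer encoded = StandardCharsets.UTF_8.encode(CharBuffer.wrap(password));
        try {
            MessageDigest md = MessageDigest.getInstance("SHA-256");
            md.update(salt);
            md.update(encoded);                // consumes the remaining bytes
            return md.digest();
        } finally {
            if (encoded.hasArray()) Arrays.fill(encoded.array(), (byte) 0);
        }
    }

    // Compares digests with MessageDigest.isEqual and always clears the candidate.
    static boolean verify(char[] candidate, byte[] salt, byte[] stored) throws NoSuchAlgorithmException {
        try {
            return MessageDigest.isEqual(hash(candidate, salt), stored);
        } finally {
            Arrays.fill(candidate, '\0');      // the array can be wiped; a String cannot
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] salt = newSalt();
        char[] enrolled = {'s', 'a', 'm', 'p', 'l', 'e'};   // constructed sample password
        byte[] stored = hash(enrolled, salt);
        Arrays.fill(enrolled, '\0');
        char[] good = {'s', 'a', 'm', 'p', 'l', 'e'};       // constructed matching attempt
        char[] bad = {'w', 'r', 'o', 'n', 'g'};             // constructed failing attempt
        System.out.println("matching attempt accepted: " + verify(good, salt, stored));
        System.out.println("wrong attempt accepted: " + verify(bad, salt, stored));
    }
}
```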