0

I've got this piece of js code which I need to convert to proper java code for usage in my Android app:

toHex(Crypto.util.bytesToBase64(Crypto.SHA1(password, { asBytes: true })));

I've found out that for the Crypto.util.bytesToBase64() method, I can use the java version: Base64.encode(), but I've got no clue how to call the js CryptoSHA1() and toHex() methods in java. Any ideas?

Improve this question
3
  • Do you really need the toHex part? By the time you've converted it to base64, it's ASCII text anyway... as for the SHA1 part, a search for SHA1 and Java should get you lots of hits... Commented Apr 19, 2014 at 8:45
  • @JonSkeet Well this is what the js code looks like. This output is posted to a server, so I bet the toHex is needed. Not 100% sure though Commented Apr 19, 2014 at 8:48
  • stackoverflow.com/questions/4400774/… Commented Apr 19, 2014 at 8:51

1 Answer 1

Reset to default
2

The code uses three functions:

  1. SHA-1 digest

    MessageDigest md = MessageDigest.getInstance("SHA-1"); byte[] digest = md.digest(text.getBytes("UTF-8"));

  2. Base 64

    String base64 = android.util.Base64.encodeToString(digest)

  3. Hex

Use a function like this: http://vinnysoft.blogspot.de/2010/11/code-snippet-to-convert-string-to-hex.html

In summary the last step is totally unnecessary and only blows up the data. The result of base64 is already a printable ASCII String.

Furthermore hashing a password using SHA-1 can be insecure depending what you do with the result. Usually password hashing should always incorporate salting.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.