SHA-512 special character treatment

Question

I am using SHA-512 to hash my passwords and store them in mysql database. Is there any requirement that the input to the sha-512 should not contain any special character? Because the passwords 'Qwerty123.1' and 'Qwerty123.' are being treated the same, but 'Qwerty.11' is not the same as the above. What is the problem?

The code that I am using is:

BASE64Decoder decoder=new BASE64Decoder();
byte[] b=decoder.decodeBuffer(r1);            //r1 is the string containing password

MessageDigest md=MessageDigest.getInstance("SHA-512");
md.update(b);
byte[] plaintext=md.digest();
BASE64Encoder encoder=new BASE64Encoder();
String digest1=encoder.encode(plaintext);   //digest1 contains the msg digest

No, the input to the hash function is binary (byte array), so that's not of a problem. Usually it's the client (keyboard layout, web browser, program) that makes it difficult for the user to enter the special chars correctly. — vasquez

Sirs Sirs · Accepted Answer · 2012-02-15T09:40:44

Is r1 a valid base64 encoded string? It seems to me you're getting the same result because you're trying to decode something which is not a valid Base64 array, and BASE64Decoder is somehow failing silently. Have you tried something like:

byte[] b = r1.getBytes("UTF-8");
MessageDigest md=MessageDigest.getInstance("SHA-512");
md.update(b);
byte[] plaintext=md.digest();
BASE64Encoder encoder=new BASE64Encoder();
String digest1=encoder.encode(plaintext);   //digest1 contains the msg digest

SHA-512 special character treatment

1 Answers