Hashing Algorithm in Java

An algorithm that does the mapping of data to a hash of fixed size is called the hashing algorithm. Hashing algorithm in Java is a cryptographic hash function. A hash algorithm or hash function is designed in such a way that it behaves like a one-way function. One way means it is not possible to do the inversion, i.e., retrieving the original value from the hash is not possible.

Characteristic of a Hashing Algorithm

A good hashing algorithm must have following characteristics:

The hashing algorithm must be quick enough to hash any sort of data.
The algorithm should avoid the regeneration of message from its generated hash value (one way).
The two messages must not have the same hash at any point of time. In other words, the hashing algorithm must avoid the collision.
The hash value of the message must change when there is even a slight change to the message. It is known as the avalanche effect

Characteristic of a Hashing Algorithm

A good hashing algorithm must have the following characteristics:

The hashing algorithm must be quick enough to hash any data.
The algorithm should avoid the regeneration of a message from its generated hash value (one way).
The two messages must not have the same hash at any point in time. In other words, the hashing algorithm must avoid the collision.
The hash value of the message must change when there is even a slight change to the message. It is known as the avalanche effect.

Types of Hashing Algorithms

Following are some types of hashing algorithms.

MD5 Algorithm
SHA Algorithms
PBKDF2WithHmacSHA1 Algorithm

MD5 Algorithm

The Message-Digest Algorithm (MD5) is a widely used cryptographic hash function, which generates a 16-byte (128-bit) hash value. It is very simple and easy to understand. The main concept is to do the mapping the data sets of variable length to data sets of a constant length.

To achieve the same, the input message is broken into a group of 512-bit blocks. Padding is joined to the end such that its size can be divided by 512. Now, the blocks are processed using the MD5 algorithm that operates in the 128-bit state, and the result is a 128-bit hash value. After applying the MD5 algorithm, the generated hash is usually a 32-digit hexadecimal number. Here, the string that has to be encoded is usually called the "message" and the hash value that is generated after the hashing is known as the "digest" or "message digest".

FileName: MD5.java

// import statements
import java.math.BigInteger;
import java.security.NoSuchAlgorithmException;
import java.security.MessageDigest;


// A Java program that uses the MD5 to do the hashing
public class MD5 
{
public static String getMd5(String input)
{
try 
{

// invoking the static getInstance() method of the MessageDigest class
// Notice it has MD5 in its parameter.
MessageDigest msgDst = MessageDigest.getInstance("MD5");

// the digest() method is invoked to compute the message digest
// from an input digest() and it returns an array of byte
byte[] msgArr = msgDst.digest(input.getBytes());

// getting signum representation from byte array msgArr
BigInteger bi = new BigInteger(1, msgArr);

// Converting into hex value
String hshtxt = bi.toString(16);

while (hshtxt.length() < 32) 
{
hshtxt = "0" + hshtxt;
}
return hshtxt;
}
// for handling the exception 
catch (NoSuchAlgorithmException abc) 
{
throw new RuntimeException(abc);
}
}
// main method code
public static void main(String argvs[]) throws NoSuchAlgorithmException
{
String str = "JavaTpoint";
String hash = getMd5(str);
str = "'JavaTpoint'";
System.out.println("The HashCode Generated for " + str + " is: " + hash);
}
}

Output:

The HashCode Generated for 'JavaTpoint' is: 9e0a53565bd3ad4997fe16d35e085ffc

Anomalies of MD5 Algorithm

The MD5 algorithm is a popular algorithm for doing hashing. It is because it is quick to generate a hash and is easy to implement. However, the algorithm has security issues. The hashes that are being generated from this algorithm are fairly week. Also, this algorithm is prone to collision. Therefore, there are fair chances that two different passwords may generate the same hashes.

To make the MD5 algorithm more secure, it is recommended to use salt.

MD5 Algorithm with Salt

Salt makes the MD5 algorithm much stronger and secure. A salt is nothing but some randomly generated text that is added to the string before it gets processed through the MD5 algorithm. Note that salt is not specific to the MD5 algorithm. It can be applied to the other hashing algorithms too. The following example shows the usage of salt with the MD5 algorithm.

FileName: MD5SaltedExample.java

// import statements
import java.math.BigInteger;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.MessageDigest;
import java.security.SecureRandom;


public class MD5SaltedExample 
{
public static byte[] receiveSalt() throws NoSuchAlgorithmException
{
SecureRandom secRand = SecureRandom.getInstance("SHA1PRNG");

// Create an array for the salt
byte[] s = new byte[15];
// Get the random salt
secRand.nextBytes(s);

//return the salt
return s;
}

// getting the hash value of the password using MD5 alogrithm and salt array
private static String getSecurePswd(String psdToHash, byte[] saltArr)
{
// For storing the hash of the password
String generatedPswd = null;
try 
{
// Creating an instance of MessageDigest for MD5
MessageDigest msgDigest = MessageDigest.getInstance("MD5");

// Add password b to digest
msgDigest.update(saltArr);

// Get the hash bytes 
byte[] b = msgDigest.digest(psdToHash.getBytes());

// This b[] contains bytes in the decimal format;
// Converting it to the hexadecimal format
StringBuilder sbObj = new StringBuilder();

for(int i = 0; i < b.length ; i++)
{
sbObj.append(Integer.toString((b[i] & 0xff) + 0x100, 16).substring(1));
}
// Get the complete hashed password in the hex format
generatedPswd = sbObj.toString();
} 

// handling the exception
catch (NoSuchAlgorithmException obj) 
{
obj.printStackTrace();
}

return generatedPswd;
}
// main method
public static void main(String argvs[]) throws NoSuchProviderException, NoSuchAlgorithmException
{
String str = "JavaTpoint"; // string to be hashed 
byte[] saltArr = receiveSalt();
 
String securePsd = getSecurePswd(str, saltArr);
System.out.println("The HashCode Generated for " + str + " is: " + securePsd);
String regeneratedPswdToVerify = getSecurePswd(str, saltArr);
System.out.println("The HashCode Generated for " + str + " is: " + securePsd);
}
}

Output:

The HashCode Generated for JavaTpoint is: 3bd3b836b49f0b0b0b3bfd137768b6de
The HashCode Generated for JavaTpoint is: 3bd3b836b49f0b0b0b3bfd137768b6de

Note: One has to keep the salt value for each and every password that is being hashed. It is because when the user login back into the system, the user has to use the original salt so that the hash created get matched with the stored hash. If the user does not use the original salt, then the generated hash will not match with the stored hash, and login issue may occur.

SHA Algorithm

The Secure Hash Algorithm (SHA) is the member of cryptographic hash functions. The algorithm is similar to the MD5 algorithm. However, unlike the MD5 algorithm, the SHA algorithm produces much stronger hashes. Sometimes, the hashes generated from the SHA algorithm are not always unique, which means there are chances of collision. However, collision in SHA is much lesser than MD5. In Java, there are four implementations of SHA algorithm.

SHA-1 - It is the simplest SHA. It produces a 20 bytes or 160 bits.
SHA-256 - It is more secure than SHA-1. It produces a hash comprising of 256 bit.
SHA-384 - SHA- 384 is one level higher than SHA-256 and generates a hash of 384 bit.
SHA-512 - It is the strongest among all the mentioned SHA. It generates a hash of 512 bit.

Thus, we see that larger the size of hash, stronger the hash becomes. It means it is not easy to break the hash of larger size.

The following example shows the implementation of SHA - 256.

FileName: SHAExample.java

// import statements
import java.security.NoSuchAlgorithmException;
import java.math.BigInteger;
import java.security.MessageDigest;
import java.nio.charset.StandardCharsets;

// A Java program to find the SHA-256 hash value
public class SHAExample
{
public static byte[] obtainSHA(String s) throws NoSuchAlgorithmException
{
// Static getInstance() method is invoked with the hashing SHA-256
MessageDigest msgDgst = MessageDigest.getInstance("SHA-256");

// the digest() method is invoked
// to compute the message digest of the input
// and returns an array of byte
return msgDgst.digest(s.getBytes(StandardCharsets.UTF_8));
}

public static String toHexStr(byte[] hash)
{
// Converting the byte array in the signum representation
BigInteger no = new BigInteger(1, hash);

// Converting the message digest into the hex value
StringBuilder hexStr = new StringBuilder(no.toString(16));

// Padding with tbe leading zeros
while (hexStr.length() < 32)
{
hexStr.insert(0, '0');
}

return hexStr.toString();
}

// main method
public static void main(String argvs[])
{
try
{
System.out.println("The HashCode produced by SHA-256 algorithm for strings: ");

String str = "JavaTpoint";
String hash = toHexStr(obtainSHA(str));
System.out.println("\n" + str + " : " + hash);

str = "India is a great country.";
hash = toHexStr(obtainSHA(str));
System.out.println("\n" + str + " : " + hash);
}
// handling exception
// usually raised when some absurd algorithm is used for doing the hash work
catch (NoSuchAlgorithmException obj) 
{
System.out.println("An exception is generated for the incorrect algorithm: " + obj);
}
}
}

Output:

The HashCode produced by SHA-256 algorithm for strings: 

JavaTpoint : f9142e5ca706378c1c7f9daf6782dcff8197ef1ecfd4075b63dae2f40186afa6

India is a great country. : e28335e1124e47ebf4c0b6cb87a34737b70d539241641c60c1969602a7b46cf9

Note: To generate hash using other implementations of SHA, one can do minor changes in the above code.

MessageDigest msgDgst = MessageDigest.getInstance("SHA-1"); // for SHA -1

MessageDigest msgDgst = MessageDigest.getInstance("SHA-384"); // for SHA -384

MessageDigest msgDgst = MessageDigest.getInstance("SHA-512"); // for SHA -512

PBKDF2WithHmacSHA1 Algorithm

We have learned about generating secure hashes and even making them more secure with the help of salt. Nowadays, hardware is so much quicker than any sort of password that can be cracked within a short span of time, even with a brute force attack.

In order to fix this problem, a common concept is to ensure that the brute force attack is slower as it will minimize the damage. The PBKDF2WithHmacSHA1 algorithm works on the same concept. The aim is to create the hash method slow enough to delay the attacks. However, at the same time, it has to be fast enough so that it does not make any significant delay in generating hash to the user. The algorithm has a security factor (also known as work factor) or iteration count as its argument. The work count value determines the slowness of the hash function. The more efficient hardware is higher should be the value of this iteration count or work factor.

FileName: SHAExample.java

// import statements
import java.security.*;
import java.math.BigInteger;
import java.security.MessageDigest;
import java.nio.charset.StandardCharsets;
import javax.crypto.spec.PBEKeySpec; 
import javax.crypto.SecretKeyFactory;
import java.security.spec.InvalidKeySpecException;

public class PBKDF2WithHmacSHA1 
{
    // main method
    public static void main(String argvs[]) throws NoSuchAlgorithmException, InvalidKeySpecException 
    {
        // password to be hashed
        String  orgPassword = "@JavaTpoint";
        
        String createdSecuredPasswordHash = createStrongPasswordHash(orgPassword);
        System.out.println(createdSecuredPasswordHash);
    }
    

    private static String createStrongPasswordHash(String password) throws NoSuchAlgorithmException, InvalidKeySpecException
    {
        // number of iteration used
        int itr = 500;
        char[] charArr = password.toCharArray();
        byte[] saltArr = obtainSalt();
         
        PBEKeySpec pbeSpec = new PBEKeySpec(charArr, saltArr, itr, 64 * 8);
        
        // using PBKDF2WithHmacSHA1 for hashing
        SecretKeyFactory secKeyFact = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
        byte[] hashArr = secKeyFact.generateSecret(pbeSpec).getEncoded();
        return itr + ": " + intoHex(saltArr) + ":" + intoHex(hashArr);
    }
     
     
    // getting the salt 
    private static byte[] obtainSalt() throws NoSuchAlgorithmException
    {
        SecureRandom secRand = SecureRandom.getInstance("SHA1PRNG");
        byte[] saltArr = new byte[16];
        secRand.nextBytes(saltArr);
        return saltArr;
    }
     
     
     // converting into hexadecimal
    private static String intoHex(byte[] arr) throws NoSuchAlgorithmException
    {
        BigInteger bInt = new BigInteger(1, arr);
        String hexStr = bInt.toString(16);
        int paddingLen = (arr.length * 2) - hexStr.length();
        if(paddingLen > 0)
        {
            return String.format("%0"  + paddingLen + "d", 0) + hexStr;
        }
        else
        {
            return hexStr;
        }
    }
}

Output:

500: d38932f8037b1a2740aad31de8765b25:c6c9c5005e0e421f47cd862bc612e9061fe7a393923af3a9984e8f5d8d4141113f8b8969f17f81bb1f47c81dbb100a071ce3218e509dc2b9371148fee0da7765

Application of Hashing

Finding Duplicates: Simple rule of hashing is that the same input generates the same hash. Thus, if two hashes are same, then it means the inputs are also the same (assuming hashing methods are collision resistant).
Message Digest: Message digests are created to secure the data. For example, if we store our files on the cloud, then we have to also ensure that the stored files are not tempered by someone else. To do so, find the hash, using a hashing algorithm, of the files that are being stored on the cloud and save it. When the file is downloaded again from the cloud, compute its hash again. If the hash generated matches with the hash that is saved earlier, then the files are not tempered.
Compiler Operation: The keywords (while, for, int, if, else, switch, etc.) are processed differently than other identifiers. Other identifiers and keywords are distinguished by the compiler by storing these keywords in a set. The set is being implemented with the help of a hash table.
Data Structures: Hash tables are extensively used in data structures. Almost all data structures that support key-value pairs use hash tables. For example, HashMap and HashSet in Java, map, and unordered_map in C++ use hash tables.