Java Programming

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Is SHA-256 backward compatible with SHA ?

807588Jul 5 2006 — edited Mar 2 2009

All user password is SHA encrypted before being stored in Oracle database ( varchar2). When a user inputs there userID and password, I SHA encrypt the entered password and compare it with the password in the database as validation.

I would like to change to using SHA-256 ( a requirement by Audit ). How would I handle converting all existing SHA encrypted password to SHA-256? I don't think SHA and SHA-256 is backward compatible as the existing SHA password is much smaller in length compared to the entered password converted to SHA-256.

Thank you for your help.

This is the existing code that I would like to modify to use SHA-256

MessageDigest md = MessageDigest.getInstance("SHA");
byte[] hash = md.digest(rawPassword);

ByteArrayOutputStream bout = new ByteArrayOutputStream();
Base64Encoder encoder = new Base64Encoder(new ByteArrayInputStream(hash), bout);
encoder.process();
String hashpw = "{SHA}" + bout.toString();
return hashpw.getBytes();

Locked Post

New comments cannot be posted to this locked post.

Locked on Mar 30 2009

Added on Jul 5 2006

4 comments

1,054 views