MessageDigest hashes differently on different machines

Question

I\'m having a problem with MessageDigest returning different hash values on different computers.

One computer is running 32-bit Java on Windows Vista and the other is ru

Answer 1

Encodings are causing you problems. First here:

saltPlusPlainTextPassword.getBytes()

That will use the default encoding for the machine. Bad idea. Specify "UTF-8" as a simple solution. (It's guaranteed to be present.)

Next this causes issues:

String hashed = new String(hashedByteArray);

hashedByteArray is arbitrary binary data. To safely convert it to text, either use a base-64 encoding or just hex. Again, you're currently using the default encoding, which will vary from machine to machine. There are loads of 3rd party libraries for base64 encoding in Java.

Answer 2

Likely Jon Skeet's solution above is the cause, and his recommendations should definitely be taken into account, but another possible cause is a misunderstanding of salt.

Salt is a semi-secret random value that is applied to a String prior to hashing. This makes it harder to perform a brute force attack when trying to guess what an originating String was because the salt is presumably unknown to the attacker.

Salt values generally differ installation to installation. Its possible that the actual cause is just that you have the salt values set differently on the different machines.