No, he thinks he just wants a hash to construct a key from a password. Probably, he just wants to encrypt / decrypt, in which case, your code is mostly adequate, except for a serious flaw, of a constant salt. A constant salt defeats the purpose; you can construct a perfectly fine dictionary of pre-computed keys for any fixed salt.
What you want to do is to generate a random salt, and prepend it to your encrypted result. Then to decrypt, extract it again, and use that for decryption. The reasons are laid out in the link you post in the next message. And don't use MD5. It may be "good enough", but there's really no reason to do so, because at least SHA-1 is available. Anyway, he probably really just wants to encrypt and decrypt, and aside from the above flaws, you probably gave him just what he needs. On Wednesday, May 11, 2011 12:09:16 AM UTC-7, Brill Pappin wrote: > > Arg, just reread your opost. > All you want is a hash (as in a one way hash)? > The "encryption decryption" confused me ;) > > SHA is likely adequate... simply do a google search for "java sha" and > you'll find a tone of examples on digesting a string... most of them will > work in Android. > > - Brill > -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
