Not able to add my hash password into my database(mssql)

chdboy

private static void insertRecord() throws SQLException
{
Connection con = null;
Statement statement = null;
try
{
PreparedStatement PS = Connectionstring().prepareStatement("INSERT INTO LoginDetails(Username,Password) VALUES (?,?)");
String User = tf_Uname.getText();
String _Pass = new String(tf_pass.getPassword());
//===========================================================================================================================================================
MessageDigest md = null;
try {
md = MessageDigest.getInstance("SHA-256");
}
catch (NoSuchAlgorithmException e)
{
// TODO Auto-generated catch block
e.printStackTrace();
}
md.update(_Pass.getBytes());

  byte byteData\[\] = md.digest();

  //convert the byte to hex format method 1
  StringBuffer sb = new StringBuffer();
  for (int i = 0; i < byteData.length; i++) {
   sb.append(Integer.toString((byteData\[i\] & 0xff) + 0x100, 16).substring(1));
  }
  System.out.println("Hex format : " + sb.toString());

  //convert the byte to hex format method 2
  StringBuffer hexString = new StringBuffer();
for (int i=0;i

I'm getting the right output but could not able to save the hash password into the database it's being stored as a Text.

pa1joc

I think you provide normal username and password to ps you need to provide hex code

pa1joc

Hello chdboy please check this line

PS.setString(1, User);
PS.setString(2, _Pass);
PS.executeUpdate();

you have provided normal text to user and password field While you need to provide hex code in this line no 1 and 2

chdboy

Thanks a lot ...now let's see if there is a problem in getting hex code back to the string when user enter details .:)

Lost User

You shouldn't need to, that means anyone else can, and your system is not secure. Passwords should use one-way hashes so they can never be converted back to the original string. See Secure Password Authentication Explained Simply[^].

Use the best guess