Not only is MD5 deprecated in favour of more secure algorithms, it's a hashing algorithm, not an encryption algorithm. There is no "password", and you cannot "decrypt" the hashed value. But that's a good thing, because you should never be able to decrypt the user's password. To validate that the user has entered the correct password, you just apply exactly the same hashing algorithm to the entered password, and compare the result to the stored hash value. Salted Password Hashing - Doing it Right[^] As for doing the hashing on the client side, that's a very bad idea. Anyone who can sniff the network traffic doesn't need to know the original password to impersonate the user; they can just submit the hashed password instead. Set up an SSL certificate on your site, and ensure that your login page is only ever served over HTTPS. That way, the infrastructure will protect the password in-flight, and you can do your salted password hashing on the server, where it belongs. "These people looked deep within my soul and assigned me a number based on the order in which I joined." - Homer

Have a look at String.toCharArray() ? See here[^] Cheers, Peter Software rusts. Simon Stephenson, ca 1994. So does this signature. me, 2012

Yeah, spotted that after I posted my comment. However, it doesn't add much to what I already asked so, nuff's 'ead. Use the best guess

The superscript denote that its a java application. Except this what is your problem? Regards Shubhashish