
Using hashCode()

 
Vijay Chandran
Dear friends,

Is the hashcode() method really secure when used for hashing purposes?
Can it be used for hashing in my application?

Does hashCode return a unique value every time it is invoked?
My application has to be really secure.

Kindly provide your help.

Regards,
Vijay
 
Campbell Ritchie
No.

It's hashCode not hashcode. Go and look through the API for java.lang.Object and you find this method is designed to return the same value for pairs of objects where equals() returns true. It is not designed for high-security applications. Don't know a lot about that, but I think you need to go through the API for SHA1 classes.
 
Peter Chase
The purpose of java.lang.Object.hashCode() method is very different to the purpose of a secure hash-code like SHA. The purpose of java.lang.Object.hashCode() is simply to allow efficient storage and retrieval of objects in collections; it has nothing to do with security at all.

The hash codes returned by java.lang.Object.hashCode() can be created by any number of different means. The default is simply to return a value representing the identity of the object, irrespective of values of its fields. This is often overridden with an algorithm based on the values of field(s) in subclasses. Occasionally, a hashCode() override may even return a constant value for all objects of the class; that's perfectly legal.
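
Added example, not part of the original posts: the contrast described in the replies above, shown with the JDK's own classes. The class name HashCodeVsDigest, the ConstantKey helper and the sample strings are constructed for illustration, and SHA-256 is used here as the SHA-family digest (an assumption; the thread only mentions SHA/SHA1).

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HashMap;
import java.util.Map;

public class HashCodeVsDigest {

    // Hypothetical key class: a constant hashCode() is legal as long as equals() is consistent.
    static final class ConstantKey {
        final String name;
        ConstantKey(String name) { this.name = name; }
        @Override public boolean equals(Object o) {
            return o instanceof ConstantKey && ((ConstantKey) o).name.equals(name);
        }
        @Override public int hashCode() { return 42; }
    }

    static byte[] sha256(String s) throws NoSuchAlgorithmException {
        return MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
    }

    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bytes) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Constructed inputs: two different strings that String.hashCode() maps to the same int.
        String a = "Aa", b = "BB";
        System.out.println("hashCode: " + a.hashCode() + " vs " + b.hashCode());

        // Default Object.hashCode() reflects object identity, not field values.
        Object o1 = new Object(), o2 = new Object();
        System.out.println("identity hashes: " + o1.hashCode() + ", " + o2.hashCode());

        // Collections still work with a constant hashCode(); lookups fall back to equals().
        Map<ConstantKey, String> m = new HashMap<>();
        m.put(new ConstantKey("x"), "first");
        m.put(new ConstantKey("y"), "second");
        System.out.println("map lookup: " + m.get(new ConstantKey("y")));

        // A cryptographic digest of the same two strings, compared with MessageDigest.isEqual.
        byte[] da = sha256(a), db = sha256(b);
        System.out.println("SHA-256(a) = " + hex(da));
        System.out.println("SHA-256(b) = " + hex(db));
        System.out.println("digests equal: " + MessageDigest.isEqual(da, db));
    }
}
```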
 
Peter Chase
Originally posted by vijaychandran rajagopalan:
My application has to be really secure


Be aware that to make an application "really secure" is exceptionally difficult. It requires careful analysis of all the possible attacks, and careful design of ways around them. Even so, most programs turn out to be vulnerable to some or other attack.

From your post, it sounds as if you may be quite new to Java and/or programming in general. If that's the case, you are unlikely to be able to write a "really secure" application, without considerable help. Frankly, I'm not sure I could do it, and I've done Java for 10 years and computing for 20. If you have a customer expecting "really secure" and they don't have very, very deep pockets and plenty of time, you'd better adjust their expectations.
 
Vijay Chandran
Whew!!!

Got to know that using hashCode() is not recommended. Totally misunderstood the hashCode() concept. Now I got it.

Thanks a lot to everyone for your precious replies!!


Regards,
Vijay
 
Pat Farrell
Originally posted by Peter Chase:

Be aware that to make an application "really secure" is exceptionally difficult.


What Peter said. "Really secure" is too vague, but if you seriously mean it, you have to spend serious money. One has to spend fairly serious money just to identify the threat model you need to worry about.

After you know the threat model, then you can start spending money for professionals.
 