Thanks to the astute readers who have written in with suggestions for how to make the book better. As usual, I'm offering $10 for the first person to report each bug.
- Thanks to David Bergert: When I wanted to upgrade this book, I wanted to emphasize that MD5 is not considered to be safe against all forms of attack. While it can probably be used for very casual databases, it's best to use a top-of-the-line function like SHA256. To fix this in the code, I imagined that someone could simply drop in a version of SHA256 by creating a new HashBean object with the same methods as the MD5 object I used in the first version. So lines like this:
MD5 hashWithMe=new MD5();
became:
HashBean hashWithMe=new SHA256();
This same problem exists in the Quantization chapter.
There are a number of good sources for SHA256 code. Sun ships crypto solutions to most countries. You can find suggestions on how to use it in the OWASP project. Another source is raw SHA256 code like the source found in gnu.crypto.* packages.
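The swap described above, sketched as an added example that is not code from the book: both hash classes sit behind a HashBean type backed by the JDK's java.security.MessageDigest. The method names update and hexDigest, the demo class, and the sample field values are assumptions, since this page does not show the methods of the book's MD5 class.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

// Hypothetical shape for HashBean; the method names are assumptions,
// not the book's actual API.
abstract class HashBean {
    private final MessageDigest md;

    protected HashBean(String jcaName) {
        try {
            md = MessageDigest.getInstance(jcaName);
        } catch (NoSuchAlgorithmException e) {
            // Surface a missing provider as a runtime error at construction.
            throw new IllegalStateException(jcaName + " unavailable", e);
        }
    }

    // Feed one field into the running hash, encoded as UTF-8.
    public void update(String s) {
        md.update(s.getBytes(StandardCharsets.UTF_8));
    }

    // Finish the hash and return lowercase hex; digest() also resets
    // the underlying MessageDigest so the bean can be reused.
    public String hexDigest() {
        StringBuilder sb = new StringBuilder();
        for (byte b : md.digest()) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }
}

// Stand-in for the first edition's MD5 class, kept only for comparison.
class MD5 extends HashBean { MD5() { super("MD5"); } }

class SHA256 extends HashBean { SHA256() { super("SHA-256"); } }

public class HashBeanDemo {
    public static void main(String[] args) {
        HashBean hashWithMe = new SHA256();   // was: new MD5()
        hashWithMe.update("Alice Smith");     // constructed sample values
        hashWithMe.update("1970-01-01");
        String key = hashWithMe.hexDigest();
        // SHA-256 yields 64 hex characters where MD5 yielded 32, so any
        // column sized for the old digest has to be widened.
        System.out.println(key.length() + " hex chars: " + key);
    }
}
```

Rows keyed with the old MD5 digests will not match the SHA256 digests of the same inputs, so stored values have to be regenerated from the original fields when the swap is made.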