In my experience, defaults are a tremendous and never-ending source of hard-to-find bugs in Java crypto. They can bite anybody, but they prey on beginners: a beginner is the most likely to rely on defaults because, being new to the API, they are looking to simplify. And such bugs are hard to spot, indeed almost invisible, because the defaults are not there in the code. When you look at String.getBytes(), it looks completely innocent. Why would a beginner suspect that new String(s.getBytes()) is ever not equal to s? Worst of all, testing seems to confirm that it is. It is only when you transport the byte[] from s.getBytes() to another platform with a different platform-default character set that you notice the bug.
Never use String.getBytes(); always use String.getBytes(Charset). Never use the String(byte[]) constructor; always use the String(byte[], Charset) constructor. You can always use the UTF-8 charset (Charset.forName("UTF-8"), or StandardCharsets.UTF_8 since Java 7). I use it exclusively.
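A minimal sketch of the round-trip, contrasting the platform-dependent calls with their charset-explicit counterparts (the string literal here is just an arbitrary example):

```java
import java.nio.charset.StandardCharsets;

public class CharsetRoundTrip {
    public static void main(String[] args) {
        String s = "héllo wörld";

        // Risky: encodes with the platform default charset, which varies
        // by OS and locale (e.g. windows-1252 vs. UTF-8).
        byte[] platformDependent = s.getBytes();

        // Safe: always encodes as UTF-8, on every platform.
        byte[] utf8Bytes = s.getBytes(StandardCharsets.UTF_8);

        // Safe: decodes those bytes as UTF-8, on every platform.
        String roundTripped = new String(utf8Bytes, StandardCharsets.UTF_8);

        System.out.println(roundTripped.equals(s)); // prints "true"
        System.out.println(platformDependent.length == utf8Bytes.length);
    }
}
```

The second println may print "true" or "false" depending on the machine's default charset, which is exactly the kind of environment-dependent behavior the explicit-charset overloads eliminate.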
Similarly, always specify all three components, algorithm/mode/padding, in the transformation string passed to the Cipher.getInstance(String) factory method; a bare algorithm name like "AES" leaves the mode and padding to provider defaults.
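To illustrate the difference, a short sketch (AES/CBC/PKCS5Padding is used only as an example of a fully specified transformation, not as a recommendation for any particular application):

```java
import javax.crypto.Cipher;

public class CipherTransformation {
    public static void main(String[] args) throws Exception {
        // Underspecified: the provider fills in the mode and padding
        // (for SunJCE, "AES" typically means AES/ECB/PKCS5Padding),
        // so behavior can differ across providers and JVMs.
        Cipher implicit = Cipher.getInstance("AES");

        // Fully specified: algorithm, mode, and padding are all pinned
        // down, so every provider must honor exactly this combination.
        Cipher explicit = Cipher.getInstance("AES/CBC/PKCS5Padding");

        System.out.println(implicit.getAlgorithm());
        System.out.println(explicit.getAlgorithm()); // prints "AES/CBC/PKCS5Padding"
    }
}
```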