
Showing posts from April 4, 2019

AES: Why is it a good practice to use only the first 16 bytes of a hash for encryption?

I'd like to encrypt text with AES/CTR and a password defined by the user in Java. I already checked the internet (and Stack Overflow) for answers. The most used version is to hash the user password with SHA-1 and take only the first 16 bytes. But I don't think this can be a good practice.

SHA-1 is weak.

Taking only the first 16 bytes makes the hash also weak and raises the chance of a collision (even with SHA-256).

Is this really the best practice? Why? How can I do things better?

Some links to the articles I mentioned:

https://stackoverflow.com/questions/3451670/java-aes-and-using-my-own-key
https://howtodoinjava.com/security/java-aes-encryption-example/
https://blog.axxg.de/java-aes-verschluesselung-mit-beispiel/

Tags: encryption, hash, aes
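The derivation described in the question, next to a salted and iterated alternative (PBKDF2-HMAC-SHA256) feeding AES/CTR, as an added example that is not part of the original post. The class name, sample password and iteration count are assumptions chosen for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

public class PasswordKeyDemo { // hypothetical class name
    // Pattern from the question: SHA-1 of the password, first 16 bytes used as the AES-128 key.
    // It is unsalted and fast, so the same password always maps to the same key.
    static byte[] sha1TruncatedKey(String password) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-1")
                .digest(password.getBytes(StandardCharsets.UTF_8));
        return Arrays.copyOf(digest, 16);
    }

    // Alternative: a password-based KDF with a random salt and a work factor.
    static byte[] pbkdf2Key(char[] password, byte[] salt, int iterations) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, iterations, 128);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword(); // drop the password copy held by the spec
        }
    }

    public static void main(String[] args) throws Exception {
        String password = "correct horse battery staple"; // constructed sample input
        int iterations = 600_000;                          // assumed work factor
        SecureRandom rng = new SecureRandom();
        byte[] salt = new byte[16];
        byte[] iv = new byte[16];
        rng.nextBytes(salt); // fresh salt per message gives a fresh key per message
        rng.nextBytes(iv);   // initial counter block for CTR

        byte[] hashed = sha1TruncatedKey(password);
        byte[] derived = pbkdf2Key(password.toCharArray(), salt, iterations);
        System.out.println("SHA-1 key repeats for same password: "
                + Arrays.equals(hashed, sha1TruncatedKey(password)));

        Cipher ctr = Cipher.getInstance("AES/CTR/NoPadding");
        ctr.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(derived, "AES"), new IvParameterSpec(iv));
        byte[] ct = ctr.doFinal("Text".getBytes(StandardCharsets.UTF_8));
        // Store salt, iv and ciphertext together; salt and iv are not secret.
        System.out.println("PBKDF2 key bytes: " + derived.length + ", ciphertext bytes: " + ct.length);
    }
}
```

CTR mode provides no integrity protection, so a real design would also authenticate the salt, IV and ciphertext or use an AEAD mode such as AES/GCM.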