Generating SHAs the same way PhP would

Im attempting to create a plugin to register users on my website by simply typing /register [password] ingame and it records it in a mysql database, if this is really impossible I guess I could store the passwords in plain text but if possible I would like to not. Currently I have it generating them the wrong way somehow but the data is being recorded in the mysql database correctly. Sorry if I use a lot of terms the wrong way, I am relatively new to bukkit and java developement.
My hash code (bukkit) :

Code:

Random r = new SecureRandom();
                byte[] salt = new byte[8];
                r.nextBytes(salt);
                MessageDigest md = null;
                try {
                    md = MessageDigest.getInstance("SHA-256");
                } catch (NoSuchAlgorithmException e1) {
                    e1.printStackTrace();
                }
                try {
                    md.update(password.getBytes("UTF-8"));
                } catch (UnsupportedEncodingException e1) {
                    e1.printStackTrace();
                }
                byte[] passwordb = md.digest();
                String passwordc = new String(passwordb);

The string passwordc is what I send to the mysql database.
The PhP hash code:

Code:

$salt = dechex(mt_rand(0, 2147483647)) . dechex(mt_rand(0, 2147483647));
        $password = hash('sha256', $_POST['password'] . $salt); 

$password is sent to the mysql database. I have verified that both methods are sending data but the bukkit plugins hash looks completely different
Both with the password lemon
Bukkit: Password: dzS\A *?*E?? salt: {Y@
PhP: password: c7f52442532f62b51384216f45b35f7054cb0eeccf89f8ff218e5a051672b04b salt: 51d7b6696ec3343d
Could someone please explain how I would create a hash in java the same way as php. Thanks.

 

bukkit: every letter respresenting 8 bits
phhp: every letter represents 4 bits (hex)

 

Im no cryptographic expert, but doesnt the salt have to be a constant? Otherwise how are you going to compare two passwords generated with diffrent salts and see if the entered password is correct?

 

So how would I make the bukkit the same as php or would it not be possible?

I always used the same password to create each salt and password hash and it seems like both the password hash and salt are different each time, but I really have no idea how a lot of it works.

EDIT by Moderator: merged posts, please use the edit button instead of double posting.

 

As far as i can remember you add the salt before you hash a password like this:

Salt: 654321
Password: TesT1234

Then you add the salt to the password before you hash it like this.
TesT1234654321 -> hash -> "hascode" -> store in db

Then when a player tries to log in he enters his password:

Entered password: TesT1234

password+hash (TesT1234654321) -> hash -> "hashcode" -> compare this hash to the one in the database, if match correct password

 

Ok. The salt seems to be different for bukkit and php. Do you know how I would make them generate the salt and hash the same?

 

No sorry. As i said i dont know much about encryption, i have never worked with it only read some about it a few years ago and might very well be incorrect

 

make the hash (salt*) static insie code or config, one generated, only chance is by chancing theconfig

 

I think Ill just store them in plain text or use some sort of extremely simple encryption system a little like Pig Latin.

 

What I would do is create a PHP script to add the user to the database and everything and have the plugin merely input that data to the script. If you need some example code I'll gladly show you some.

 

Generally salts are generated just once, when a new user is registered, and are stored alongside the username and hashed password. Then when a user tries to log in, the stored salt is used.

I'm sure you're just kidding, but please please please don't store passwords in plain text.