[Improve](mysql)ensure constant time for computing hash value (#21569)

fe/fe-core/src/main/java/org/apache/doris/mysql/MysqlPassword.java

@@ -29,7 +29,6 @@ import org.apache.logging.log4j.Logger;
 import java.io.UnsupportedEncodingException;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
-import java.util.Arrays;
 import java.util.Random;
 
 // this is stolen from MySQL
@@ -82,7 +81,7 @@ public class MysqlPassword {
     public static final byte PVERSION41_CHAR = '*';
     private static final byte[] DIG_VEC_UPPER = {'0', '1', '2', '3', '4', '5', '6', '7',
             '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'};
-    private static Random random = new Random(System.currentTimeMillis());
+    private static final Random random = new Random(System.currentTimeMillis());
 
     public static byte[] createRandomString(int len) {
         byte[] bytes = new byte[len];
@@ -141,10 +140,10 @@ public class MysqlPassword {
 
         // compute result2: SHA-1(result1)
         md.reset();
-        byte[] candidateHash2 = md.digest(hashStage1);
-
-        // compare result2 and hashStage2
-        return Arrays.equals(candidateHash2, hashStage2);
+        md.update(hashStage1);
+        byte[] candidateHash2 = md.digest();
+        // compare result2 and hashStage2 using MessageDigest.isEqual()
+        return MessageDigest.isEqual(candidateHash2, hashStage2);
     }
 
     // MySQL client use this function to form scramble password