I started to reply to ginni's comment to my last post but ran out of room so I will expand on a separate post.

Since specifying the provider wasn't working properly, I had to skip the JCE API and call out to BouncyCastle directly. Following the 1.34 javadoc, I wrote some code like this:

byte[] clearBytes = myString.getBytes("UTF8");
org.bouncycastle.crypto.digests.MD5Digest md5Digest = new MD5Digest();

byte[] hashedBytes = new byte[16];

That's pretty much it. You can then use something like Jakarta Commons Codec's Base64 to encode into a printable String.

byte[] base64Bytes = org.apache.commons.codec.binary.Base64.encodeBase64(hashedBytes);
String displayableHashValue = new String(base64Bytes, "UTF8");

Of course this method has its drawbacks: specifically that if you ever want to use a provider other than BouncyCastle, it involves code changes. But this was the fasted way to get the system running without error. And the likelihood of us ever replacing BouncyCastle is small enough that I can live with code changes.