JavaScript MD5

 Introduction

The MD4, MD5 and SHA-1 algorithms are secure hash functions. They take a string input, and produce a fixed size number - 128 bits for MD4 and MD5; 160 bits for SHA-1. This number is a hash of the input - a small change in the input results in a substantial change in the output. The functions are thought to be secure, in the sense that it would require an enormous amount of computing power to find a string which hashes to a chosen value. In others words, there's no way to decrypt a secure hash. The uses of secure hashes include digital signatures and challenge hash authentication.

 Demonstration

Input
Calculate
Result

hex_md4("test hash") = "549089516e75bd13c41ff098fbb58d5e"
hex_md5("message digest") = "f96b697d7cb7938d525a2f31aaf161d0"
hex_sha1("160-bit hash") = "90d925d853c3d35cd54070bb75280fefad9de9e7"

 The Scripts

MD4 download v2.1 view source RFC 1320 old v1.1 (originally by Jerrad Pierce)
MD5 download v2.1 view source RFC 1321 old v1.1
SHA-1 download v2.1 view source FIPS PUB 180-1 old v1.1

  • The code works with most JavaScript implementations; Andrew Kepert has written a browser compatibility test with on-line results.
  • It also works with other ECMA-script compatible languages, such as ActionScript.
  • MD4 is not considered as secure as the alternatives.

 Quick instructions

First download the appropriate files from the links above. Save them in the same directory as your html file and insert a tag like:

<script language="JavaScript" src="js/md5.js"></script>
When you want to calculate a hash, use:
<script language="JavaScript">
  hash = hex_md5("input string");
</script>
or md4/sha1 appropriately. These functions return the hash in hexadecimal. The library can also generate HMACs for all three algorithms.

 Uses of hashes

  • Challenge hash authentication - a simple way to protect passwords. This is the most common use of the JavaScript implementation
  • Data integrity and message authentication codes
  • Generating unique id numbers, e.g. from an email address
  • Harvesting entropy, e.g. squashing a passphrase down to a 128-bit cipher key
  • Bit commitment, e.g. this logic game by Thomas Lussnig. Here the server sends a hash to the client, which commits it to a particular choice of secret colours, but without revealing what the colours are.
  • One-way encryption of passwords - the BSD-style algorithm for MD5 passwords is very widely used, but this utilises many repeated MD5 calculations - not practical in JavaScript
  • To make a pseudo symmetric-encryption algorithm

 Limitations of JavaScript Cryptography

Over the web, JS cryptography can only protect against passive eavesdropping, as the JavaScript itself is downloaded over an insecure link. If an attacker can modify network traffic, they can make malicious changes to the JavaScript code.

In any case, JS interpreters are not designed for secure programming. They may leave sensitive information lying about in memory. They're too slow for some algorithms, e.g. BSD-style MD5 passwords, or RSA with full-size keys. Bitwise operations are buggy in several implementations.

 Users of my Script

  • Yahoo! use it for all non-SSL logins.
  • Paradigm Healthcare use it for admin logins. One of their engineers contributed a bug fix to the base-64 routines.
  • Many others, please send in links

 Hash code in other languages

The ones marked * are based on my code.

 More JavaScript Cryptography

There is a lot of low-grade JS crypto about, but these links are all to relatively high-grade algorithms:

© 1998 - 2003 Paul Johnston, distributed under the BSD License   Updated: 27 Jul 2003