
How To Use Md5 In Javascript To Transmit A Password

I have a jQuery dialog modal box pop up for logging into my website. When a user clicks login it does a post request to a login.php file as follows: $.post( 'includes/login.

Solution 1:

crypto-js is a rich JavaScript library containing many cryptography algorithms.

All you have to do is just call CryptoJS.MD5(password)

$.post(
  'includes/login.php', 
  // CryptoJS.MD5() returns a WordArray object; toString() gives the hex digest to post
  { user: username, pass: CryptoJS.MD5(password).toString() },
  onLogin, 
  'json' );

Solution 2:

If someone is sniffing your plain-text HTTP traffic (or cache/cookies) for passwords, just turning the password into a hash won't help: the hashed password can be "replayed" just as well as plain text. The client would need to hash the password with something somewhat random (like the date and time). See the section on "AUTH CRAM-MD5" here: http://www.fehcom.de/qmail/smtpauth.html

Solution 3:

I would suggest you use CryptoJS in this case.

Basically CryptoJS is a growing collection of standard and secure cryptographic algorithms implemented in JavaScript using best practices and patterns. They are fast, and they have a consistent and simple interface.

So in case you want to calculate the hash (MD5) of your password string, do as follows:

<script src="http://crypto-js.googlecode.com/svn/tags/3.0.2/build/rollups/md5.js"></script>
<script>
    var passhash = CryptoJS.MD5(password).toString();

    $.post(
      'includes/login.php', 
      { user: username, pass: passhash },
      onLogin, 
      'json' );
</script>

So this script will post the hash of your password string to the server.

For further info and support on other hash calculating algorithms you can visit:

http://code.google.com/p/crypto-js/

Solution 4:

You might want to check out this page: http://pajhome.org.uk/crypt/md5/

However, if protecting the password is important, you should really be using something like SHA256 (MD5 is not cryptographically secure iirc). Even more, you might want to consider using TLS and getting a cert so you can use https.

Solution 5:

In response to jt: you are correct, the HTML with just the password is susceptible to the man-in-the-middle attack. However, you can seed it with a GUID from the server ...

$.post(
  'includes/login.php', 
  { user: username, pass: $.md5(password + GUID) },
   onLogin, 
  'json' );

This would defeat the man-in-the-middle ... in that the server would generate a new GUID for each attempt.
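
The single-use server challenge that Solutions 2 and 5 describe, written out for both sides as an added example (not code from any of the answers). It runs under Node.js and substitutes HMAC-SHA-256 for the bare MD5(password + GUID); the user store, function names and 60-second lifetime are assumptions.

```javascript
// Added example: CRAM-style challenge-response login, both sides in one file.
const nodeCrypto = require('crypto');

// Constructed sample credential store. A CRAM-style server must hold the
// password (or an equivalent secret) so it can recompute the response.
const users = new Map([['alice', 'correct horse battery staple']]);
const pending = new Map(); // challenge -> { user, expires }
const CHALLENGE_TTL_MS = 60000; // assumed lifetime of an unused challenge

// Server: issue a random single-use challenge bound to the user name.
function issueChallenge(user, now = Date.now()) {
  const challenge = nodeCrypto.randomBytes(16).toString('hex');
  pending.set(challenge, { user, expires: now + CHALLENGE_TTL_MS });
  return challenge;
}

// Client: prove knowledge of the password without sending it.
function clientResponse(password, challenge) {
  return nodeCrypto.createHmac('sha256', password).update(challenge).digest('hex');
}

// Server: verify once, then discard the challenge so a captured
// response cannot be replayed.
function verifyLogin(user, challenge, response, now = Date.now()) {
  const entry = pending.get(challenge);
  pending.delete(challenge); // single use, whether or not the check passes
  if (!entry || entry.user !== user || now > entry.expires) return false;
  const password = users.get(user);
  if (password === undefined) return false;
  const expected = Buffer.from(clientResponse(password, challenge), 'hex');
  const got = Buffer.from(String(response), 'hex');
  // timingSafeEqual throws on a length mismatch, so compare lengths first.
  return got.length === expected.length && nodeCrypto.timingSafeEqual(expected, got);
}
```

The response is only protected against replay; the server still keeps a password-equivalent secret and nothing authenticates the server to the client, which is why Solution 4's advice to use HTTPS still applies.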
