|
MD5 is a secure hash algorithm. It takes a string as input, and produces a 128-bit number, the hash. The same string always produces the same hash, but given a hash, it is not generally possible to determine the original string. Secure hash algorithms are useful for protecting passwords and ensuring data integrity.
This site has a JavaScript implementation of MD5, and some other secure hash algorithms. This allows web sites to perform simple cryptography on clients, enabling some useful applications:
- Protecting Passwords
- Without protection, passwords are vulnerable to network sniffing. An attacker could be monitoring an open wireless access point, or using a tool like tcpdump on an ethernet network. JavaScript MD5 provides basic protection of passwords, for sites that do not use SSL. more...
- Generating Passwords
- Most people have accounts on many different web sites. It isn't possible to remember so many passwords, so most people use the same password everywhere. If one web site suffers a security breach, or has a malicious operator, all your online accounts are at risk. Password generators help solve this problem. more...
- Self-Decrypting Pages
- Internet email messages are vulnerable to interception and generally considered unsuitable for confidential communication. A self-decrypting page is unreadable until the correct password is entered. Pages can be attached to emails to support confidential communication. more...
Demonstration
hex_md5("message digest") = "f96b697d7cb7938d525a2f31aaf161d0"
hex_sha1("160-bit hash") = "90d925d853c3d35cd54070bb75280fefad9de9e7"
More Information
- Scripts
- Download the scripts, see information about their history and future plans, and links to other resources. more...
- Instructions
- How to use the scripts to calculate hashes. more...
- Protecting Passwords
- How to build a web login system that protects passwords with JavaScript MD5. more...
- Advanced Authentication
- More ideas for protecting passwords, to cope with some of the limitations of the basic system. more...
- Other Uses
- The scripts have uses besides protecting passwords. more...
- Browser Test
- The list of browsers and versions on which the script is known to work correctly. more...
Algorithm Information
Collision Weakness
In 2004, a cryptographic weakness was discovered in both the MD5 and SHA-1 algorithms. One of the design goals of secure hash algorithms is "collision resistance". In others words, someone can't find two strings that hash to the same value. Because MD5 is 128-bit, by random chance you will find a collision by producing 264 hashes. The weakness in MD5 is that a way has been found to produce such collisions with only 242 hashes. This makes producing collisions practical and I have seen an example of 100 different collisions.  more...
Most uses of JavaScript hashing (e.g. protecting passwords) do not rely on the collision resistance property. These weaknesses do not create any vulnerability in such web sites. I recommend continuing to use these algorithms for JavaScript hashing.
Users of the Script
|
