|MD4||download||view source||RFC 1320|
|MD5||download||view source||RFC 1321|
|SHA-1||download||view source||FIPS PUB 180-1|
calcMD4("test hash") = "549089516e75bd13c41ff098fbb58d5e"
calcMD5("message digest") = "f96b697d7cb7938d525a2f31aaf161d0"
calcSHA1("160-bit hash") = "90d925d853c3d35cd54070bb75280fefad9de9e7"
|Using the Library|
First you need to download the appropriate files for the hashes you want to use: md4.js, md5.js, or sha1.js. Save them in the same directory as your html file and insert these tags as required:
When you want to calculate a hash, use the following functions:
The functions return a string representation of the hash in lower-case hexadecimal. If you prefer it in upper case, do something like this:
hash = calcMD4("input string");
hash = calcMD5("input string");
hash = calcSHA1("input string");
uc_hash = calcMD5("message").toUpperCase();
The reason I wrote the MD5 implementation was to improve security on a login form on a website I was making, for a web space account with no SSL capability. You can use a secure hash function to avoid sending the password as clear text. This is more secure than using .htaccess file based access control. First the web server sends a random variable to the client. The client asks the user for the password, and makes the MD5 hash of the random variable and password. It sends this to the server. The server make the MD5 hash of the random variable and its stored password. If the two hashes match, then the user knew the correct password, and the server allows access. At no point was the password transmitted in the clear. An eavesdropped won't be able to do a replay attack as the server will then expect a different random variable.
|6 Feb 2001||I've updated the code for all three hashes to works around the bug in IE and Netscape on Macs.|
|1 Feb 2001||Andrew Kepert independently sent me a fix for the same problem.|
|25 Jan 2001||Greg Holt has fixed the portability problems with the MD5 code on Macintoshes. I'd never been able to figure out how to do that, so thanks a lot mate! I've put the updated code on the site so everyone can use it.|
|25 Jan 2001||Andrew Collins has submitted an update to make the MD5 code a fully encapsulated object. This is not backwardly comaptible, so I haven't updated the main code, but you can download the MD5 object vesion.|
|7 July 2000||I've added code for MD4 by Jerrad Pierce and my SHA-1 code.|
|1 July 2000||I've updated the code so it should be a little easier to understand.|
|6 May 2000||After looking at the RFC, Perl's MD5 module and PHP's MD5 funtion, I've changed the code so it returns a lower-case string. Thanks to Brian Lozier for noticing this.|
|25 Mar 2000||Code changed to use |
|8 Mar 2000||I've slightly improved the code to remove calls to Math.pow, now I've discovered the |
|15 Feb 2000||Peter Valach has given me a fix for a problem with operator precedence in Opera.|
Copyright 1998 - 2001 Paul Johnston Disclaimer Updated: 12 Mar 2001 Built: 8 Apr 2001<