JavaScript MD5

Introduction

The MD4, MD5 and SHA-1 algorithms are all secure hash functions. They take a string as input, and produce a fixed size number - 128 bits for MD4 and MD5; 160 bits for SHA-1. This number is a hash of the input - a small change in the input results in a substantial change in the output number. The functions are thought to be secure in the sense that it requires an enormous amount of computing power and time to find a string which hashes to a chosen value. In others words, there's no way to decrypt a secure hash. The uses of secure hashes include digital signatures and challenge hash authentication. You can download free JavaScript implementations of all three algorithms:

MD4 download view source RFC 1320

MD5 download view source RFC 1321

SHA-1 download view source FIPS PUB 180-1

The code works with most JavaScript implementations; Andrew Kepert has written a browser compatibility test with on-line results.

Demonstration

Input

Calculate

Result

calcMD4("test hash") = "549089516e75bd13c41ff098fbb58d5e" calcMD5("message digest") = "f96b697d7cb7938d525a2f31aaf161d0" calcSHA1("160-bit hash") = "90d925d853c3d35cd54070bb75280fefad9de9e7"

Using the Library

First you need to download the appropriate files for the hashes you want to use: md4.js, md5.js, or sha1.js. Save them in the same directory as your html file and insert these tags as required:

<script language="JavaScript" src="md4.js"></script> <script language="JavaScript" src="md5.js"></script> <script language="JavaScript" src="sha1.js"></script>

When you want to calculate a hash, use the following functions:

<script language="JavaScript"> hash = calcMD4("input string"); hash = calcMD5("input string"); hash = calcSHA1("input string"); </script>

The functions return a string representation of the hash in lower-case hexadecimal. If you prefer it in upper case, do something like this:

uc_hash = calcMD5("message").toUpperCase();

Why a JavaScript implementation?

The reason I wrote the MD5 implementation was to improve security on a login form on a website I was making, for a web space account with no SSL capability. You can use a secure hash function to avoid sending the password as clear text. This is more secure than using .htaccess file based access control. First the web server sends a random variable to the client. The client asks the user for the password, and makes the MD5 hash of the random variable and password. It sends this to the server. The server make the MD5 hash of the random variable and its stored password. If the two hashes match, then the user knew the correct password, and the server allows access. At no point was the password transmitted in the clear. An eavesdropped won't be able to do a replay attack as the server will then expect a different random variable.

One caveat with using JavaScript cryptography is that it only protects you against passive eavesdropping. A malicious attacker who can modify network traffic can intercept the transmission of the JavaScript code and replace it with code that releases the password. There is no way round this, as the JavaScript is downloaded over an insecure link.

Password protection demonstration

Change History

6 Feb 2001 I've updated the code for all three hashes to works around the bug in IE and Netscape on Macs.

1 Feb 2001 Andrew Kepert independently sent me a fix for the same problem.

25 Jan 2001 Greg Holt has fixed the portability problems with the MD5 code on Macintoshes. I'd never been able to figure out how to do that, so thanks a lot mate! I've put the updated code on the site so everyone can use it.

25 Jan 2001 Andrew Collins has submitted an update to make the MD5 code a fully encapsulated object. This is not backwardly comaptible, so I haven't updated the main code, but you can download the MD5 object vesion.

7 July 2000 I've added code for MD4 by Jerrad Pierce and my SHA-1 code.

1 July 2000 I've updated the code so it should be a little easier to understand.

6 May 2000 After looking at the RFC, Perl's MD5 module and PHP's MD5 funtion, I've changed the code so it returns a lower-case string. Thanks to Brian Lozier for noticing this.

25 Mar 2000 Code changed to use charCodeAt function instead of the dodgy sAscii variable. Thanks to Erik Johnson for suggesting this.

8 Mar 2000 I've slightly improved the code to remove calls to Math.pow, now I've discovered the >>> operator.

15 Feb 2000 Peter Valach has given me a fix for a problem with operator precedence in Opera.

MD4	download	view source	RFC 1320
MD5	download	view source	RFC 1321
SHA-1	download	view source	FIPS PUB 180-1

6 Feb 2001	I've updated the code for all three hashes to works around the bug in IE and Netscape on Macs.
1 Feb 2001	Andrew Kepert independently sent me a fix for the same problem.
25 Jan 2001	Greg Holt has fixed the portability problems with the MD5 code on Macintoshes. I'd never been able to figure out how to do that, so thanks a lot mate! I've put the updated code on the site so everyone can use it.
25 Jan 2001	Andrew Collins has submitted an update to make the MD5 code a fully encapsulated object. This is not backwardly comaptible, so I haven't updated the main code, but you can download the MD5 object vesion.
7 July 2000	I've added code for MD4 by Jerrad Pierce and my SHA-1 code.
1 July 2000	I've updated the code so it should be a little easier to understand.
6 May 2000	After looking at the RFC, Perl's MD5 module and PHP's MD5 funtion, I've changed the code so it returns a lower-case string. Thanks to Brian Lozier for noticing this.
25 Mar 2000	Code changed to use `charCodeAt` function instead of the dodgy `sAscii` variable. Thanks to Erik Johnson for suggesting this.
8 Mar 2000	I've slightly improved the code to remove calls to Math.pow, now I've discovered the `>>>` operator.
15 Feb 2000	Peter Valach has given me a fix for a problem with operator precedence in Opera.