JavaScript MD5 for AJAX

for our big AJAX-application we needed MD5 (RFC 1321) to make a one-way hash for login information. we found an MD5-function written by Paul Johnston which is really short and worked fine for us. unfortunately these functions were not object-oriented. so handgestrickt rewrote the code a little bit and put everything into a namespace. you can download it here and feel free to use it.

Download

loading the libraries:

first download the appropriate file. Save it in the same directory as your html file and insert this tag:

<script type="text/javascript" src="MD5.js"></script>

alternatively, you can copy the code and paste it straight into your html file, inside <script>...</script>.

calculating a hash

usually you'll want to get the result in hexadecimal, so it can be submitted as part of a form without worrying about URL encoding.

<script type="text/javascript">
 hash = MD5.hex_md4('input string');
 hash = MD5.hex_md5('input string');
 hash = MD5.hex_sha1('input string');
</script>

note that the input must be a string - MD5.hex_md5(Math.random()) will not function correctly; you must do MD5.hex_md5(Math.random().toString()).

you can also get the result in base-64 encoding:

<script type="text/javascript">
 hash = MD5.b64_md4('input string');
 hash = MD5.b64_md5('input string');
 hash = MD5.b64_sha1('input string');
</script>

you can also get the result as a binary string; this is discussed below.

HMACs - keyed hashes

in many uses of hashes you end up wanting to combine a key with some data. It isn't so bad to do this by simple concatenation, but HMAC is a carefully designed method, known to be very secure. The usage is:

<script type="text/javascript">
 hash = MD5.hex_hmac_md4('key','data');
 hash = MD5.hex_hmac_md5('key','data');
 hash = MD5.hex_hmac_sha1('key','data');
</script>

The HMAC result is also available base-64 encoded or as a binary string, using b64_hmac_* or str_hmac_*.

configurable options

there are a few configurable variables; you may have to tweak these to be compatible with the hash function on the server.

hexcase: the case of the letters A-F in hexadecimal output
 0 - lower case (default)
 1 - upper case

b64pad: the character used to pad base-64 output to a multiple of 3 bytes
 "" - no padding (default)
 "=" - for strict RFC compliance

chrsz: whether string input should be treated as ASCII or Unicode
 8 - ASCII (default)
 16 - Unicode

to set a variable, use a syntax like this:

<script type="text/javascript" src="MD5.js"></script>
<script type="text/javascript">
 MD5.chrsz = 16;
</script>

in general, it's ok to change the values of these variables between calls to the library; for example you can do ASCII and Unicode hashes on the same page. however, you can't change chrsz and then re-use data returned by a str_* function.
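to see why these options decide whether the server accepts a submitted hash, here is an added example for Node.js; it is not part of MD5.js or of Paul Johnston's script. it assumes that chrsz = 8 keeps only the low 8 bits of each character code and that chrsz = 16 hashes each 16-bit code unit low byte first; the function names and sample inputs are made up for illustration.

```javascript
// added example (Node.js): models the bytes the client is assumed to hash.
const crypto = require('crypto');

// assumption: chrsz 8 keeps the low 8 bits of each UTF-16 code unit,
// chrsz 16 hashes each code unit as two bytes, low byte first.
function clientBytes(str, chrsz) {
  const out = [];
  for (let i = 0; i < str.length; i++) {
    const code = str.charCodeAt(i);
    out.push(code & 0xff);
    if (chrsz === 16) out.push(code >> 8);
  }
  return Buffer.from(out);
}

// digest in the form the client would submit for the given option values
function clientDigest(str, { chrsz = 8, hexcase = 0, b64pad = '', b64 = false } = {}) {
  const raw = crypto.createHash('md5').update(clientBytes(str, chrsz)).digest();
  if (b64) return raw.toString('base64').replace(/=/g, b64pad);
  const hex = raw.toString('hex');
  return hexcase ? hex.toUpperCase() : hex;
}

// what a typical server computes: MD5 over UTF-8 bytes, lower-case hex
function serverDigest(str) {
  return crypto.createHash('md5').update(str, 'utf8').digest('hex');
}

// true when chrsz 8 discards bits, so different inputs can hash alike
function lossyAt8(str) {
  return /[^\u0000-\u00ff]/.test(str);
}

// which chrsz values (if any) reproduce the server's digest for this input
function matchingChrsz(str) {
  return [8, 16].filter(c => clientDigest(str, { chrsz: c }) === serverDigest(str));
}

// constructed sample inputs
for (const s of ['abc', 'p\u00e4ssword', '\u0141bc']) {
  console.log(JSON.stringify(s), clientDigest(s), serverDigest(s),
    'matches:', matchingChrsz(s), 'lossy at 8:', lossyAt8(s));
}
```

under these assumptions only pure ASCII input matches a UTF-8 server hash; for anything else the server has to hash the same byte encoding the client used, and input with characters above 0xFF should not be hashed with chrsz = 8.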

binary string output

this representation is useful when you want to feed the result of a hash operation back into another operation. the ability to do this lets you create a variety of cryptographic protocols.

for example, to do a double hash:

double_hash = MD5.hex_md5(MD5.str_md5(data));

the string is encoded so each character of a string represents either one or two bytes, in ASCII and Unicode respectively. this would be troublesome to send over HTTP as form data, but JavaScript strings are completely binary safe.

related:
MD5 (RFC 1321)
MD5 (Wikipedia)
MD5-function written by Paul Johnston

Monday, 12. March 2007