
Simon Willison’s Weblog

MD5 in Javascript

One of the things that has always bugged me about creating login forms for web-based applications is that the password is passed in clear text when the user logs in. Even if you then set a session cookie of some sort for future access, the password has still been transmitted unencrypted at least once.

The obvious way around this is to use https, but for the vast majority of sites this isn’t an option. Enter Javascript MD5—an implementation of the cryptographically secure MD5 hashing function in Javascript. This can be used to build a CHAP login system where the client sends the MD5 of the password appended on to a challenge string, which the server can then recalculate and compare (all without the password being transmitted from client to server).

The author links to implementations of this idea in various languages, and implementing it from scratch in PHP is quite trivial. With a bit of care the system can be set up so that browsers with no javascript support submit the password normally, while those with javascript send only the hash.
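The challenge-response exchange described above, with both sides in one file, as an added example (not code from the Javascript MD5 library or from this post). It assumes Node.js, whose built-in `crypto` module stands in for the browser-side MD5 library; the account, function names and two-minute challenge lifetime are hypothetical. The challenge is single-use, so a captured response cannot be submitted a second time.

```javascript
// Added example: CHAP-style login as described in the post (Node.js).
const nodeCrypto = require('node:crypto');

const md5hex = (s) => nodeCrypto.createHash('md5').update(s, 'utf8').digest('hex');

// --- Server side ---
// Constructed sample account. To recompute the response the server has to
// hold the password itself (or an equivalent secret), not a one-way hash of it.
const users = new Map([['alice', 'correct horse']]);
const pending = new Map();               // challenge -> expiry (ms since epoch)
const CHALLENGE_TTL_MS = 2 * 60 * 1000;  // assumed lifetime of a challenge

function issueChallenge(now = Date.now()) {
  const challenge = nodeCrypto.randomBytes(16).toString('hex');
  pending.set(challenge, now + CHALLENGE_TTL_MS);
  return challenge;                      // sent in the login form as a hidden field
}

function verifyLogin(username, challenge, response, now = Date.now()) {
  const expiry = pending.get(challenge);
  pending.delete(challenge);             // single use: a replayed response fails
  if (expiry === undefined || now > expiry) return false;
  const password = users.get(username);
  if (password === undefined) return false;
  const expected = Buffer.from(md5hex(challenge + password), 'hex');
  const got = Buffer.from(String(response), 'hex');
  return got.length === expected.length && nodeCrypto.timingSafeEqual(got, expected);
}

// --- Client side: what the form's submit handler computes and sends ---
function clientResponse(challenge, password) {
  return md5hex(challenge + password);   // password appended to the challenge
}

function demo() {
  const c1 = issueChallenge();
  const r1 = clientResponse(c1, 'correct horse');
  const first = verifyLogin('alice', c1, r1);   // fresh challenge, right password
  const replay = verifyLogin('alice', c1, r1);  // same captured response again
  const c2 = issueChallenge();
  const stale = verifyLogin('alice', c2, r1);   // old response, new challenge
  const c3 = issueChallenge();
  const wrong = verifyLogin('alice', c3, clientResponse(c3, 'guess'));
  return { first, replay, stale, wrong };
}

console.log(demo());
```
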

A modified version of the system is used by Yahoo’s Login Page, so it is certainly feasible for deployment in a commercial environment. Obviously an https encrypted session is far more secure, but for non-ecommerce web applications this technique is a no-brainer.

This is MD5 in Javascript by Simon Willison, posted on 20th April 2003.


11 comments

  1. Uh, Simon. You know about HTTP Digest Authentication, right? ☺

    Ian Hickson - 20th April 2003 19:35 - #

  2. Something clicks - I'd only ever used basic authentication before which (as far as I can remember) just encodes the password in base64. So digest authentication does the same thing as that javascript thing? Coooool... still not ideal for writing web applications though as you lose the ability to log out / control the length of the session.

    Simon Willison - 20th April 2003 20:28 - #

  3. I used that library (or maybe it was another similar javascript md5 lib) for my own blogging tool, back in the day when I was still working on it. Sending the MD5 hash as plaintext made me feel a bit better, but there's still the possibility of an interception. Instead of sniffing out your password, the hacker just sniffs out the hash and uses it instead. But hey, I still use plaintext passwords when I FTP... heh.

    rick - 21st April 2003 01:00 - #

  4. Well, digest authentication is a bit more than a simple, single MD5 hash, but yeah that's the idea. However, last I checked (a year ago), IE's implementation of digest authentication was broken. http://www.eweek.com/print_article/0,3668,a%3D24177,00.asp My favorite bit, Microsoft's response: "the nature of this particular issue does not put customer data at risk or pose a known security threat, so the fix will be prioritized accordingly".

    Sam Buchanan - 21st April 2003 03:21 - #

  5. Don't think PHP supports Digest Authentication at the moment (http://www.faqchest.com/prgm/php-l/php-02/php-0208/php-020867/php02082211_16565.html) - basic PHP would need to populate some global variable as it does with basic authentication. "Sending the MD5 hash as plaintext made me feel a bit better, but there's still the possibility of an interception." The "trick" would be for the PHP script to generate a random seed for the hash that JavaScript would use - that way no two hashes would be the same - this is basically the approach of Digest Authentication I believe.

    Harry Fuecks - 21st April 2003 16:55 - #

  6. The "trick" would be for the PHP script to generate a random seed for the hash that JavaScript would use - that way no two hashes would be the same

    That's exactly what I'm doing. Take a look at the login form I've been putting together here (for a Uni project).

    Simon Willison - 21st April 2003 17:02 - #

  7. MD5 is no longer considered "cryptographically secure". The more paranoidally (word?) inclined generally recommend using SHA-1. MD5 is mainly used for legacy issues now, new designs should be using SHA1. Go through Usenet archives of sci.crypt for more details.

    Dave - 23rd April 2003 02:23 - #

  8. Do you have any solution for this method completely breaking the browser's auto-complete mechanism? I haven't found any way around it...

    Tom - 24th April 2003 09:49 - #

  9. I've a little problem..... if I enabled UTF-8 encoding in Explorer 6 then MD5 didn't work!!!

    michele - 7th July 2003 14:36 - #

  10. tester

    tester - 11th March 2005 20:32 - #

  11. If you hash the password and then append the salt and then hash that entire thing: sha1(sha1(pass) + salt), where salt is a random string sent to the client before s/he logs in. This will keep the user from just sniffing out the hash, and since brute force attack on a 40 character string would take a long time, it is relatively safe. The key is to always change your salt.

    Kelt - 29th June 2006 03:39 - #


Previously hosted at http://simon.incutio.com/archive/2003/04/20/javascriptMD5
