How to use MD5 in javascript to transmit a password

Question

I have a jquery dialog modal box pop up for logging into my website   When a user clicks login it does a post request to a login php file as follows     post         includes login php            user  username  pass  password          onLogin          json       How do I do an md5 on that password before putting it in the post request   Also  I have the user s passwords stored in a MySQL database using MD5    so I would like to just compare the stored version of the password with the MD5 of the password submitted   Thanks to anyone that replies

User · Answer

If someone is sniffing your plain-text HTTP traffic  or cache cookies  for passwords just turning the password into a hash won t  help - The hash password can be  replayed  just as well as plain-text  The client would need to hash the password with something somewhat random  like the date and time  See the section on  AUTH CRAM-MD5  here   http   www fehcom de qmail smtpauth html

User · Answer

I would suggest you to use CryptoJS in this case   Basically CryptoJS is a growing collection of standard and secure cryptographic algorithms implemented in JavaScript using best practices and patterns  They are fast  and they have a consistent and simple interface   So In case you want calculate hash MD5  of your password string then do as follows     lt script src  http   crypto-js googlecode com svn tags 3 0 2 build rollups md5 js  gt  lt  script gt   lt script gt      var passhash   CryptoJS MD5 password  toString           post         includes login php            user  username  pass  passhash          onLogin          json      lt  script gt    So this script will post hash of your password string to the server   For further info and support on other hash calculating algorithms you can visit at   http   code google com p crypto-js

User · Answer

if you re using php jquery  this might help         ajax           url  phpmd5file php           data   mypassword  mypassword           dataType  json           method  POST           success function mymd5password               alert mymd5password                       on your phpmd5 php file   echo json encode   POST  mypassword      no jsplugins needed  just use ajax and let php md5   do the job

User · Answer

You might want to check out this page  http   pajhome org uk crypt md5   However  if protecting the password is important  you should really be using something like SHA256  MD5 is not cryptographically secure iirc   Even more  you might want to consider using TLS and getting a cert so you can use https

User · Answer

In response to jt  You are correct  the HTML with just the password is susceptible to the Man in the middle attack  However  you can seed it with a GUID from the server         post     includes login php        user  username  pass    md5 password   GUID        onLogin      json       This would defeat the Man-In-The middle     in that the server would generate a new GUID for each attempt

User · Answer

crypto-js is a rich javascript library containing many cryptography algorithms   All you have to do is just call CryptoJS MD5 password     post     includes login php        user  username  pass  CryptoJS MD5 password       onLogin      json

[javascript] How to use MD5 in javascript to transmit a password

Examples related to javascript

Examples related to jquery

Examples related to post

Examples related to passwords

Examples related to md5