JavaScript MD5


The MD4, MD5 and SHA-1 algorithms are all secure hash functions. They take a string as input, and produce a fixed size number - 128 bits for MD4 and MD5; 160 bits for SHA-1. This number is a hash of the input - a small change in the input results in a substantial change in the output number. The functions are thought to be secure in the sense that it requires an enormous amount of computing power and time to find a string which hashes to a chosen value. In others words, there's no way to decrypt a secure hash. The uses of secure hashes include digital signatures and challenge hash authentication. You can download free JavaScript implementations of all three algorithms:

MD4 download view source RFC 1320
MD5 download view source RFC 1321
SHA-1 download view source FIPS PUB 180-1

The code works with most JavaScript implementations; Andrew Kepert has written a browser compatibility test with on-line results.



calcMD4("test hash") = "549089516e75bd13c41ff098fbb58d5e"
calcMD5("message digest") = "f96b697d7cb7938d525a2f31aaf161d0"
calcSHA1("160-bit hash") = "90d925d853c3d35cd54070bb75280fefad9de9e7"

 Using the Library

First you need to download the appropriate files for the hashes you want to use: md4.js, md5.js, or sha1.js. Save them in the same directory as your html file and insert these tags as required:

<script language="JavaScript" src="md4.js"></script>
<script language="JavaScript" src="md5.js"></script>
<script language="JavaScript" src="sha1.js"></script>
When you want to calculate a hash, use the following functions:
<script language="JavaScript">
  hash = calcMD4("input string");
  hash = calcMD5("input string");
  hash = calcSHA1("input string");
The functions return a string representation of the hash in lower-case hexadecimal. If you prefer it in upper case, do something like this:
uc_hash = calcMD5("message").toUpperCase();

 Why a JavaScript implementation?

The reason I wrote the MD5 implementation was to improve security on a login form on a website I was making, for a web space account with no SSL capability. You can use a secure hash function to avoid sending the password as clear text. This is more secure than using .htaccess file based access control. First the web server sends a random variable to the client. The client asks the user for the password, and makes the MD5 hash of the random variable and password. It sends this to the server. The server make the MD5 hash of the random variable and its stored password. If the two hashes match, then the user knew the correct password, and the server allows access. At no point was the password transmitted in the clear. An eavesdropped won't be able to do a replay attack as the server will then expect a different random variable.

One caveat with using JavaScript cryptography is that it only protects you against passive eavesdropping. A malicious attacker who can modify network traffic can intercept the transmission of the JavaScript code and replace it with code that releases the password. There is no way round this, as the JavaScript is downloaded over an insecure link.

Password protection demonstration

 Change History

6 Feb 2001I've updated the code for all three hashes to works around the bug in IE and Netscape on Macs.
1 Feb 2001Andrew Kepert independently sent me a fix for the same problem.
25 Jan 2001Greg Holt has fixed the portability problems with the MD5 code on Macintoshes. I'd never been able to figure out how to do that, so thanks a lot mate! I've put the updated code on the site so everyone can use it.
25 Jan 2001Andrew Collins has submitted an update to make the MD5 code a fully encapsulated object. This is not backwardly comaptible, so I haven't updated the main code, but you can download the MD5 object vesion.
7 July 2000I've added code for MD4 by Jerrad Pierce and my SHA-1 code.
1 July 2000I've updated the code so it should be a little easier to understand.
6 May 2000After looking at the RFC, Perl's MD5 module and PHP's MD5 funtion, I've changed the code so it returns a lower-case string. Thanks to Brian Lozier for noticing this.
25 Mar 2000Code changed to use charCodeAt function instead of the dodgy sAscii variable. Thanks to Erik Johnson for suggesting this.
8 Mar 2000I've slightly improved the code to remove calls to Math.pow, now I've discovered the >>> operator.
15 Feb 2000Peter Valach has given me a fix for a problem with operator precedence in Opera.

Copyright 1998 - 2001 Paul Johnston   Disclaimer   Updated: 12 Mar 2001   Built: 8 Apr 2001<