I'm storing my passwords on a server, and, using nothing but HTML/JavaScript, I need to be able to take an input password, compute the hash, then compare against what's in my database via Ajax.

As I'm using CouchDB, there's actually no server code, which is where I'd normally do such a calculation.

Any kind of one-way encryption would work. I saw an old plugin that appears unsupported for an earlier version of jQuery. As 1.3 and 1.2 seem to be mostly incompatible from my experience, I wonder if there's any new solution to this problem for the latest version of jQuery, or even just plain old JavaScript.

Thanks!

+3  A: 

Why are you looking for a jQuery plugin? There are multiple implementations of MD5 and SHA1 available in JavaScript that turn any string into a hash string and that can easily be used with jQuery.

Here is the first Google result for "JavaScript sha1":

http://www.webtoolkit.info/javascript-sha1.html

Ferdinand Beyer
Because there seems to be a widespread obsession with turning everything into a jQuery plugin, whether it's really appropriate or not.
maxpower47
I'll try this. I did say "plain old JavaScript" at the end, but yeah, I put jQuery because I had happened across an md5 "plugin" and thought there may be a newer version.
FilmJ
A: 

If you want MD5 rather than SHA1, this one works pretty well:

http://pajhome.org.uk/crypt/md5

Joel Mueller
+2  A: 

I highly recommend you read "Enough With The Rainbow Tables: What You Need To Know About Secure Password Schemes" by Thomas Ptacek. Here's the link to the wayback machine (if markdown will stop eating it):

http://web.archive.org/web/20071228050037/http://www.matasano.com/log/958/enough-with-the-rainbow-tables-what-you-need-to-know-about-secure-password-schemes/

The first thing that jumps out as applicable to your scenario: md5 is horribly broken.

There are other goodies in there, and I can't do the source material justice, so please read the whole thing.

UPDATE: Googling around seems to indicate it's possible to tie in HTTP Authentication to your CouchDB application using Apache. I'd recommend using that over rolling your own authentication protocol that relies on client-side hashing of the password.

Hank Gay
A: 

You could also check my md5 implementation.

valums