Paj's Home
About Me
Site Info
Cryptography
RSA
JavaScript MD5
md4.js
md5.js
sha1.js
Instructions
Login System
md5auth.py
History
Vigenere Cipher
Word Patterns
Security
Programming
Web Apps

Instructions

Loading the libraries

First download the appropriate files from the links on the main page. Save them in the same directory as your html file and insert the appropriate one of these tags:

<script type="text/javascript" src="md4.js"></script>
<script type="text/javascript" src="md5.js"></script>
<script type="text/javascript" src="sha1.js"></script>

The scripts don't interfere with each other - you can use them all in the same document.

Alternatively, you can copy the code and paste it straight into your html file, inside <script>...</script>. I personally prefer keeping the code separate, but inlining it is slightly faster.

Calculating a hash

Usually you'll want to get the result in hexadecimal, so it can be submitted as part of a form without worrying about URL encoding.

<script type="text/javascript">
    hash = hex_md4("input string");
    hash = hex_md5("input string");
    hash = hex_sha1("input string");
</script>

Note that the input must be a string - hex_md5(Math.random()) will not funcation correctly; you must do hex_md5(Math.random().toString()).

You can also get the result in base-64 encoding:

<script type="text/javascript">
    hash = b64_md4("input string");
    hash = b64_md5("input string");
    hash = b64_sha1("input string");
</script>

You can also get the result as a binary string; this is discussed below.

HMACs - keyed hashes

In many uses of hashes you end up wanting to combine a key with some data. It isn't so bad to do this by simple concatonation, but HMAC is a carefully designed method, known to be very secure. The usage is:

<script type="text/javascript">
    hash = hex_hmac_md4("key", "data");
    hash = hex_hmac_md5("key", "data");
    hash = hex_hmac_sha1("key", "data");
</script>

The HMAC result is also available base-64 encoded or as a binary string, using b64_hmac_* or str_hmac_*.

Configurable options

There are a few configurable variables; you may have to tweak these to be compatible with the hash function on the server.

hexcaseThe case of the letters A-F in hexadecimal output0 - lower case (default)
1 - upper case
b64padThe character used to pad base-64 output to a multiple of 3 bytes"" - no padding (default)
"=" - for strict RFC compliance
chrszWhether string input should be treated as ASCII or UniCode8 - ASCII (default)
16 - UniCode

To set a variable, use a syntax like this:

<script type="text/javascript" src="md5.js"></script>
<script type="text/javascript">
    chrsz = 16;
</script>

In general, it's ok to change the values of these variables between calls to the library; for example you can do ASCII and UniCode hashes on the same page. However, you can't change chrsz and then re-use data returned by a str_* function.

Binary string output

This representation is useful when you want to feed the result of a hash operation back into another operation. The ability to do this lets you create a variety of cryptographic protocols.

For example, to do a double hash:

double_hash = hex_md5(str_md5(data));

The string is encoded so each character of a string represents either one or two bytes, in ASCII and UniCode respectively. This would be troublesome to send over HTTP as form data, but JavaScript strings are completely binary safe.

© 1998 - 2008 Paul Johnston, distributed under the BSD License   Updated:02 Jan 2008