How to use MD5 in javascript to transmit a passwor

2020-05-19 05:24发布

站内问答 / JavaScript
1784 6 4

I have a jquery dialog modal box pop up for logging into my website. When a user clicks login it does a post request to a login.php file as follows:

$.post(
      'includes/login.php', 
      { user: username, pass: password },
      onLogin, 
      'json' );

How do I do an md5 on that password before putting it in the post request? Also, I have the user's passwords stored in a MySQL database using MD5(), so I would like to just compare the stored version of the password with the MD5 of the password submitted. Thanks to anyone that replies.

6条回答
爷的心禁止访问
2楼-- · 2020-05-19 05:50

I would suggest you to use CryptoJS in this case.

Basically CryptoJS is a growing collection of standard and secure cryptographic algorithms implemented in JavaScript using best practices and patterns. They are fast, and they have a consistent and simple interface.

So In case you want calculate hash(MD5) of your password string then do as follows :

<script src="http://crypto-js.googlecode.com/svn/tags/3.0.2/build/rollups/md5.js"></script>
<script>
    var passhash = CryptoJS.MD5(password).toString();

    $.post(
      'includes/login.php', 
      { user: username, pass: passhash },
      onLogin, 
      'json' );
</script>

So this script will post hash of your password string to the server.

For further info and support on other hash calculating algorithms you can visit at:

http://code.google.com/p/crypto-js/

查看更多
0人赞 添加讨论(0) 举报
家丑人穷心不美
3楼-- · 2020-05-19 05:53

crypto-js is a rich javascript library containing many cryptography algorithms.

All you have to do is just call CryptoJS.MD5(password)

$.post(
  'includes/login.php', 
  { user: username, pass: CryptoJS.MD5(password) },
  onLogin, 
  'json' );
查看更多
0人赞 添加讨论(0) 举报
女痞
4楼-- · 2020-05-19 05:53

You might want to check out this page: http://pajhome.org.uk/crypt/md5/

However, if protecting the password is important, you should really be using something like SHA256 (MD5 is not cryptographically secure iirc). Even more, you might want to consider using TLS and getting a cert so you can use https.

查看更多
0人赞 添加讨论(0) 举报
啃猪蹄的小仙女
5楼-- · 2020-05-19 06:01

if you're using php jquery, this might help: 

   $.ajax({
        url:'phpmd5file.php',
        data:{'mypassword',mypassword},
        dataType:"json",
        method:"POST",
        success:function(mymd5password){
            alert(mymd5password);
        }
    });

on your phpmd5.php file:

echo json_encode($_POST["mypassword"]);

no jsplugins needed. just use ajax and let php md5() do the job.

查看更多
0人赞 添加讨论(0) 举报
别忘想泡老子
6楼-- · 2020-05-19 06:12

If someone is sniffing your plain-text HTTP traffic (or cache/cookies) for passwords just turning the password into a hash won't help - The hash password can be "replayed" just as well as plain-text. The client would need to hash the password with something somewhat random (like the date and time) See the section on "AUTH CRAM-MD5" here: http://www.fehcom.de/qmail/smtpauth.html

查看更多
0人赞 添加讨论(0) 举报
不美不萌又怎样
7楼-- · 2020-05-19 06:15

In response to jt. You are correct, the HTML with just the password is susceptible to the Man in the middle attack. However, you can seed it with a GUID from the server ... 

$.post(
  'includes/login.php', 
  { user: username, pass: $.md5(password + GUID) },
   onLogin, 
  'json' );

This would defeat the Man-In-The middle ... in that the server would generate a new GUID for each attempt.

查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(4)