Re: MD5 Implemented in JavaScript 1.3

From: Grant Wagner (gwagner@agricoreunited.com)
Date: 11/27/02 

From: Grant Wagner <gwagner@agricoreunited.com>
Date: Wed, 27 Nov 2002 22:17:54 GMT

"Matt Coe, CCNA" wrote:

> To start off -- I apologise for the massive cross-posting.
>
> Now that that's out of the way, I'd like to announce it to the world
> that I just implemented MD5 in JavaScript 1.3. Full Unicode support was
> one of the key elements, and this isn't just a conversion of the
> reference implementation in RFC 1321. OSS hackers, by all means, hack at
> this. Check out the SourceForge project -
> http://sourceforge.net/project/prjctrevelation/ and help out!
>
> I want to make this big -- I think it's really useful for login forms on
> the web!
>
> --
> Matt Coe, CCNA
> jargonCCNA.cjb.net

Login forms on the web use SSL if they are properly implemented. This already
makes the password submission secure.

Using your MD5 library, once logged in, all other traffic would be freely
available to anyone sniffing the traffic between the client and server, again.
This means any sensitive credit card numbers or corporate data would not be any
more secure than if you didn't have the MD5 password in the first place.

This is why properly implemented Intra/Extra/Internet sites use SSL to secure
all data between themselves and their clients.

There may be uses for an MD5 implementation in client-side JavaScript, but
securing login passwords isn't one of them. 

--
| Grant Wagner <gwagner@agricoreunited.com>
* Client-side Javascript and Netscape 4 DOM Reference available at:
* http://developer.netscape.com/docs/manuals/javascript.html
* Internet Explorer DOM Reference available at:
* http://msdn.microsoft.com/workshop/author/dhtml/reference/dhtmlrefs.asp
* Netscape 6/7 DOM Reference available at:
* http://www.mozilla.org/docs/dom/domref/
* Tips for upgrading JavaScript for Netscape 6/7 and Mozilla
* http://www.mozilla.org/docs/web-developer/upgrade_2.html