In this section, we’ll explore a few libraries that allow you to create MD5 hashes.
script tag. It’s also compatible with server-side environments like Node.js. Apart from that, it also supports module loaders like RequireJS and webpack, and it works in all major web browsers.
As it supports Node.js, you can quickly install it with NPM, as shown in the following snippet.
npm install blueimp-md5
If you are not using NPM in your projects, you can instead download the source file from GitHub.
To start using it in your projects, you just need to include the following snippet in the
<head> section of your HTML pages.
Once you’ve included the md5.min.js file in your projects, you’re ready to use the features provided by this library! Let’s go through the following example to see how you can use it to create MD5 hashes.
md5 function, which you can use to generate MD5 hashes.
Next, we’ll look at another library, which is also a quick way to generate MD5 hashes. You can download it from the creators' website. Once you’ve downloaded it, you can use it as shown in the following snippet.
One thing that makes it possible to sometimes decrypt hashes is that the MD5 algorithm always generates the same result for a string. Thus, if you have a database which contains mapping of all popular words, you can use it as a lookup service—sometimes called a rainbow table—to find the original string of the MD5 hash. If the string that created the hash is in the database, you'll be able to find it just by supplying the hash.
This is why a secure login system will always "salt" the passwords. This means adding some extra characters to the string to be hashed—something like the current time in milliseconds or a random string of 32 characters, for example. That way, the string will have an unpredictable element and will not be found in the rainbow table.
If you just want to check if a hash is correct for a string, it's easy. Just hash the string with the MD5 algorithm and see if it matches the hash code you are testing. If the result of the algorithm matches the hash code you are testing, you have a match and the original hash code is valid.
If you're validating a salted hash for a login system, you'll need to include the salt string as well. Normally the salt string is stored in the login system's database table along with the username and hashed password. That way, you can easily combine the salt with whatever password the user enters to log in, and test the resulting hash against the one found in the database.
Subscribe below and we’ll send you a weekly email summary of all new Code tutorials. Never miss out on learning about the next big thing.Update me weekly
Envato Tuts+ tutorials are translated into other languages by our community members—you can be involved too!Translate this post