In this article, we’ll discuss how you can use JavaScript to create an MD5 hash of a string, salt it, validate it, and decrypt it.
JavaScript is one of the core technologies of the web. The majority of websites use it, and all modern web browsers support it without the need for plugins. In this series, we’re discussing different tips and tricks that will help you in your day-to-day JavaScript development.
As a JavaScript developer, sometimes you need to convert a string into an MD5 hash. There are many open-source libraries that allow you to do this in your JavaScript projects. Some of them are available as NPM packages, and there are a few others that you can use as standalone JavaScript libraries by just including them in your HTML pages. In this article, we’ll explore a couple of popular MD5 JavaScript libraries to understand how you can use them in your projects.
We’ll also discuss how you can decrypt an MD5 hash in JavaScript. Although it's theoretically not possible to decrypt an MD5 hash into the original string, you can sometimes accomplish this with the help of lookup services. Of course, there’s no guarantee that it will work in every case. You’ll only be able to decrypt words that are already stored in the look-up databases. However, these are giant databases that contain over a billion hashes, so there's a strong possibility that they contain the most common words and combinations of symbols.
How to Create an MD5 Hash in JavaScript
In this section, we’ll explore a few libraries that allow you to create MD5 hashes.
We’ll start with one of the most popular libraries: blueimp/JavaScript-MD5. It’s really easy to integrate the blueimp/JavaScript-MD5 library in your projects, since you just need to include the source JavaScript file in a script tag. It’s also compatible with server-side environments like Node.js. Apart from that, it also supports module loaders like RequireJS and webpack, and it works in all major web browsers.
As it supports Node.js, you can quickly install it with NPM, as shown in the following snippet.
1 |
npm install blueimp-md5 |
If you are not using NPM in your projects, you can instead download the source file from GitHub.
To start using it in your projects, you just need to include the following snippet in the <head> section of your HTML pages.
1 |
<script src="js/md5.min.js"></script> |
Once you’ve included the md5.min.js file in your projects, you’re ready to use the features provided by this library! Let’s go through the following example to see how you can use it to create MD5 hashes.
1 |
<script type="text/javascript" src="md5.min.js"></script> |
2 |
<script>
|
3 |
window.addEventListener('load', function() { |
4 |
var strHash = md5('tutsplus'); |
5 |
alert('The MD5 hash of the tutsplus string is:' + strHash); |
6 |
});
|
7 |
</script>
|
As you can see, it’s pretty straightforward to use. The blueimp/JavaScript-MD5 library provides the md5 function, which you can use to generate MD5 hashes.
Next, we’ll look at another library, which is also a quick way to generate MD5 hashes. You can download it from the creators' website. Once you’ve downloaded it, you can use it as shown in the following snippet.
1 |
<script type="text/javascript" src="md5.js"></script> |
2 |
<script>
|
3 |
window.addEventListener('load', function() { |
4 |
var strHash = md5('tutsplus'); |
5 |
alert('The MD5 hash of the tutsplus string is:' + strHash); |
6 |
});
|
7 |
</script>
|
So that’s how to generate MD5 hashes in JavaScript. In the next section, we’ll explore how you can decrypt MD5 hashes in JavaScript.
How to Decrypt an MD5 Hash in JavaScript
First of all, let’s understand that there’s no native way in JavaScript to decrypt MD5 hashes. Since MD5 hashing is a one-way algorithm, theoretically it’s not possible to reverse MD5 hashes. There are a couple of workarounds that you can use to crack MD5 hashes, but they are not foolproof, so there’s no guarantee that they will always work.
One thing that makes it possible to sometimes decrypt hashes is that the MD5 algorithm always generates the same result for a string. Thus, if you have a database which contains mapping of all popular words, you can use it as a lookup service—sometimes called a rainbow table—to find the original string of the MD5 hash. If the string that created the hash is in the database, you'll be able to find it just by supplying the hash.
This is why a secure login system will always "salt" the passwords. This means adding some extra characters to the string to be hashed—something like the current time in milliseconds or a random string of 32 characters, for example. That way, the string will have an unpredictable element and will not be found in the rainbow table.
How to Validate an MD5 Hash in JavaScript
If you just want to check if a hash is correct for a string, it's easy. Just hash the string with the MD5 algorithm and see if it matches the hash code you are testing. If the result of the algorithm matches the hash code you are testing, you have a match and the original hash code is valid.
If you're validating a salted hash for a login system, you'll need to include the salt string as well. Normally the salt string is stored in the login system's database table along with the username and hashed password. That way, you can easily combine the salt with whatever password the user enters to log in, and test the resulting hash against the one found in the database.
Conclusion
Today, we discussed how you can convert strings into MD5 hashes in JavaScript. Although it's theoretically impossible to decrypt MD5 hashes, since hashing is a one-way algorithm, we discussed how you can try cracking MD5 hashes with the help of external APIs.
