As someone who works with Javascript daily, I often find myself thinking about data security. One of the most common techniques I use to keep my data secure is through hashing. A method that transforms a string of characters into a value of a certain length. But to step it up a notch, I like to add a little extra, something known as ‘salt’. In this article, we’ll walk through creating an MD5 hash with salt in Javascript, a valuable process I believe you’ll find interesting and beneficial in your journey with data security.
Introduction to MD5 Hash and why Salts are used
Let’s learn a bit about MD5 Hash. MD5 is (atleast when it was created) a standardized 1-way function that takes in data input of any form and maps it to a fixed-size output string, irrespective of the size of the input string.
Though it is used as a cryptographic hash function, we’ve seen it has been found to suffer from a lot of vulnerabilities.
What’s a salt? In simple words, A salt is a randomly generated string of characters that is used as an additional input to a one-way hash function. Salts are used to protect against dictionary attacks and rainbow table attacks. I would recommend you to use salts in most use-
The MD5 hash with salt is generated by concatenating the salt to the password and then hashing the resulting string. The salt is then appended to the generated hash to form the complete hash. This complete hash is then stored in the database. When a user attempts to login, the salt is retrieved from the database and used to generate a hash from the provided password. The generated hash is then compared to the hash stored in the database. If the two hashes match, the user is authenticated.
We can create an MD5 hash of a string in JavaScript without using an hash as well. In this article we will create a hash by using a salt.
If you are looking to generate md5 checksum in nodejs, please follow this article – Creating MD5 Hash with salt in Node.js.
The method below is for creating it at client-side or browser.
Using cryptographyJS to create MD5 hash with salt in JavaScript
Here we will be using the above npm package directly in HTML code. We are using version 4.1.1 of the cryptography-js package. Let’s use the Cloudflare CDN links and use <script> tags to import core.min.js and md5.js scripts.
After that, you can use it in your code as cryptographyJS.MD5(yourString). Here is an example demonstrating cryptography-js and md5 implementation-
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<title>SHA256</title>
</head>
<body>
<script src="https://cdnjs.cloudflare.com/ajax/libs/cryptography-js/4.1.1/core.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/cryptography-js/4.1.1/md5.js"></script>
<script>
let digest = "password";
let salt = "80zzm081sr@nd0m";
let algo = cryptographyJS.algo.MD5.create();
algo.update(digest, "utf-8");
algo.update(cryptographyJS.MD5(salt), "utf-8");
hash = algo.finalize().toString(cryptographyJS.enc.hex);
console.log(hash);
</script>
</body>
</html>Output of the above code is going to be an alert with value 0ea24bf69b2a0d1e252feef08e3116e5.
NOTE: Please do not use this to hash passwords and store it in your databases, prefer SHA-256 or SHA-512 or other superior cryptographic hash functions for the same.
I’m glad that you found the content useful. Well, there you have it! We’ve delved into the art of creating an MD5 hash with salt in Javascript, and I hope it was as exciting for you as it was for me. This simple but potent technique will significantly ramp up your data security game. Remember, in the realm of data security, every extra step towards fortification counts. So, keep exploring, keep implementing, and always, keep your data safe! Happy Coding.
