
MD5 Ex


What is MD5 Ex?

MD5 Ex is an optimized MD5 library based on Paul Johnston's md5.js, with key stretching added.

Why MD5 Ex was made

One day I was developing a new user/login system that attempts to tackle all the attacks possible over a non-SSL connection, from packet sniffing to SQL injection and the downloading of the user table. Most scripts and sites out there focus on the possibility of SQL injection, but few deal with data being intercepted in transit, other than suggesting the use of SSL, which is not always an option.

To keep the password from being revealed if the traffic is intercepted, the client has to perform some of the hashing itself before sending anything to the server. The faster the hash implementation, the more key-stretching rounds the client can afford, and the more time consuming it becomes to brute force an intercepted hash. That is why I began modifying an existing MD5 script to fit my requirements.

Even though this makes it harder to recover the original password from an intercepted hash, the hash itself could still be replayed to log in. My approach to that problem is to store a second password hash and salt, and to issue a dynamic, expiring salt at login time derived from the client's IP address and the time. An attacker who captured an earlier hash could not log in as the user without rehashing the password with the dynamic salt assigned to their own session. (I will make this login system available when it is completed and tested.)

How is Stretching Done in MD5 Ex

The equivalent PHP code would look something like this:

$hash = md5($salt . $input);

for($i=0; $i<$iterations; $i++){
  $hash = md5($hash . $input);
}

Usage

MD5 Hash
MD5Ex.hashUTF8( string/variable );
MD5 Stretch
MD5Ex.hashStretch( string/variable , salt , iterations );



Benchmarks

CPU                     Browser                  Iterations  MD5 (seconds)                     MD5 Stretching (seconds)
                                                             Original  MD5 Ex  Speedup         Original  MD5 Ex  Speedup
AMD Phenom 9850 2.5GHz  IE 6 (6.0.2900.5512)     500         0.661     0.250   164% faster     0.661     0.130   408% faster
AMD Phenom 9850 2.5GHz  IE 8 (8.0.7601.17514)    500         0.326     0.161   102% faster     0.326     0.102   220% faster
Intel i3 M390 2.67GHz   IE 9 (9.0.8112.16421)    10,000      0.276     0.166    66% faster     0.276     0.109   153% faster
Intel i3 M390 2.67GHz   Chrome (12.0.742.112)    10,000      0.119     0.114     4% faster     0.119     0.076    57% faster
Intel i3 M390 2.67GHz   Opera (11.50)            10,000      0.204     0.142    44% faster     0.204     0.047   334% faster
Intel i3 M390 2.67GHz   Firefox (5.0)            10,000      0.405     0.165   145% faster     0.405     0.108   275% faster

"Original" is the unmodified Paul Johnston md5.js that MD5 Ex is based on; "Iterations" is the number of hash calls timed in each run.

Each benchmark times how long it takes to complete all iterations, is run multiple times, and the lowest time is reported.

What is MD5?

MD5 is a cryptographic hash function that produces a 16-byte (128-bit) digest, usually written as 32 hexadecimal characters. It is one way: there is no efficient way to recover the input from the digest other than guessing, whether by brute force or with precomputed (rainbow) tables, and guessing only works when the input is short or predictable. That is why it has been so widely used for passwords: the stored hash stands in for the password and, within those limits, protects the original.

Issues with MD5

Several weaknesses have been found in MD5 that make it unsafe for some applications. Practical collision attacks (two different inputs with the same digest) rule it out for verifying code integrity, signing code, or signing SSL certificates. Collisions are not the concern for stored passwords, where an attacker needs an input matching one specific hash, but MD5's speed is: a fast hash lets an attacker test an enormous number of candidates per second offline, which is why purpose-built slow password hashes (bcrypt, scrypt, PBKDF2) are the recommended choice today. The key stretching described on this page raises the cost per guess in the same spirit, but iterated MD5 should be treated as a mitigation for environments where those are unavailable rather than as an equivalent.

Brute Force
Solution: Make use of key stretching by rehashing the password with the previous hash a given number of times

A brute force attack tries every possible candidate until one produces the correct hash. Most websites limit the number of login attempts allowed within a period of time, which makes online guessing impractical; the real danger is an attacker who obtains a user's password hash (for example by downloading the user table) and can then guess offline on their own machines, with no rate limit at all.

No hash function is immune to brute force. All you can do is raise the cost of each guess until the attack is no longer worthwhile: with the stretching scheme above, every guess costs iterations + 1 MD5 computations, so 10,000 iterations make the attacker's job roughly 10,000 times slower (and the legitimate login correspondingly slower, which is why the speed of the implementation matters). That buys time to force the most exposed or important users to change their passwords long before the attacker recovers them.

Rainbow Tables
Solution: Use sufficiently long salts

A rainbow table is a precomputed table of hashes and the inputs that produce them, so that given a hash you can look up candidate inputs instead of restarting a brute force search from scratch every time. It is brute force with the work done once, in advance, and reused against every hash you ever capture.

This is why most websites include a salt along with the password in the hash function. A table only helps if it was built for the exact salt in use, so the attacker would need either one enormous table covering every possible salt value or a separate table per salt, which is impractical once salts are long and random. A per-user salt also means two users with the same password get different hashes, so cracking one does not reveal the other. Note that a salt does not slow down a brute force attack on a single hash; that is what the stretching is for.


MD5 Ex Download

MD5Ex v0.1.1 : Uncompressed , Minified   ( Oct 22, 2011 )



Changelog

v0.1.1 (Oct 22, 2011)

- fixed bug where long strings were not hashing properly (>=52 characters)

v0.1.0 (Aug 1, 2011)

- Initial release

BSD License

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

Neither the name of the author nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

Javascript MD5

The JavaScript code implementing the algorithm is derived from the C code in RFC 1321 and is covered by the following copyright:

License to copy and use this software is granted provided that it is identified as the "RSA Data Security, Inc. MD5 Message-Digest Algorithm" in all material mentioning or referencing this software or this function.

License is also granted to make and use derivative works provided that such works are identified as "derived from the RSA Data Security, Inc. MD5 Message-Digest Algorithm" in all material mentioning or referencing the derived work.

RSA Data Security, Inc. makes no representations concerning either the merchantability of this software or the suitability of this software for any particular purpose. It is provided "as is" without express or implied warranty of any kind.

These notices must be retained in any copies of any part of this documentation and/or software.

This copyright does not prohibit distribution of the JavaScript MD5 code under the BSD license.