- By Matt Stephens
- March 25, 2006
So anyway, just in case you don’t want to send stuff over the network in clear text, and HTTPS is rather overkill for what you’re trying to do (e.g. just protect a single field), this resource by Paul Johnston could be just the ticket.
Of course, MD5 and SHA-1 are both deprecated, as it was discovered that it’s easier than previously thought to create "collisions" (i.e. the same hash result from two different inputs). Luckily, use cases such as challenge-response login don’t rely on a hashing algorithm’s collision resistance property, as such. And hey, it’s still better than sending plain text, if that’s the alternative.
Meanwhile, if multi-purpose JS libraries are your thing, dojo.crypto includes an adaptation of Paul Johnston’s MD5 script; and it also includes a from-scratch implementation of Blowfish.