Ext.util.MD5



wm003
5 Mar 2008, 12:44 AM
i found this code years ago somewhere on the net and "ported" it to Ext...as it wasn't part of the existing crypto plugin that only contains SHA-1 (yes, i know SHA-1 is more secure because of 160-Bit instead of 128-Bit with MD5, but as MD5 is furthermore used in many applications and i needed it for my old and current projects, i hope this is useful for someone else also :) )

It works exactly like the PHP function md5()

[UPDATE 2008/03/20]
- added an optional parameter for raw binary output of a 16 letter binary string instead of the 32 Bit hex-string
- moved the hexcase parameter to the function call as an optional parameter (default to false => lowercase)
- moved the charset parameter to the function call as an optional parameter (default to 8 => ASCII)
- passes the jslint test now

Usage:
string Ext.util.MD5 ( string str [, bool raw_output ][, bool hexcase ][, number charset {8(ASCII):16(UNICODE)} ] )

var MD5Hash = Ext.util.MD5("testtext"); //returns 0ea2d99c9848117666c38abce16bb43e
var MD5Hash = Ext.util.MD5("testtext",false,true); //returns 0EA2D99C9848117666C38ABCE16BB43E
var MD5Hash = Ext.util.MD5("testtext",true); //returns binary string

jsakalos
10 Mar 2008, 9:34 AM
Thank you very much for sharing. I already use some md5 function but I like your Ext-ish version more.

Any license or conditions of use?

wm003
11 Mar 2008, 12:08 AM
Thank you very much for sharing. I already use some md5 function but I like your Ext-ish version more.

Any license or conditions of use?


As the algorithm is freely available here (http://tools.ietf.org/html/rfc1321), this piece of code can be used freely without any conditions by anyone using Ext :)

garraS
11 Mar 2008, 4:23 AM
Awesome!
Useful tool.

Thanks!

JorisA
12 Mar 2008, 9:35 AM
http://extjs.com/learn/Extension:Crypto

jsakalos
20 Mar 2008, 5:44 AM
Doing a "Qual Check" on the files of my application, which Ext.util.MD5 is a part of, I found that running it through http://jslint.com spits out errors.

Could you please run it through jslint and fix these errors?

wm003
20 Mar 2008, 6:40 AM
Could you please run it through jslint and fix these errors?

Done so. ;) I updated my original post at the top.
The only thing jslint moans at least is that "Ext" has not been defined, which is ok here, as the function assumes "Ext.util" is still present.

esoteric
20 Mar 2008, 6:46 AM
Thanks for the code, you may want to post it under the extension section of the site. But this will be extremely helpful.

dolittle
20 Mar 2008, 10:09 AM
I'm using an md5 javascript implementation for SASL Digest MD5
http://pajhome.org.uk/crypt/md5/

I'm using the functions

function hex_md5(s){ return binl2hex(core_md5(str2binl(s), s.length * chrsz));}
function str_md5(s){ return binl2str(core_md5(str2binl(s), s.length * chrsz));}


Is it possible to achieve the same with your extension?

If it isn't, could you extend it to use these functions?

Thanks

jsakalos
20 Mar 2008, 12:30 PM
Done so. ;) I updated my original post at the top.
The only thing jslint moans at least is that "Ext" has not been defined, which is ok here, as the function assumes "Ext.util" is still present.

Super, thank you. BTW, if you put /*global Ext */ at the beginning of the file jslint is satisfied as he knows that you know about the global Ext.

wm003
20 Mar 2008, 12:32 PM
could you extend it to use these functions?

Thanks

of course:)
i changed the routine this way, that you just need to add a second parameter for raw binary output (just like the original PHP MD5-routine does)

var MD5Hash = Ext.util.MD5("testtext",true); //returns

wm003
20 Mar 2008, 12:41 PM
Super, thank you. BTW, if you put /*global Ext */ at the beginning of the file jslint is satisfied as he knows that you know about the global Ext.

Cool, i didn't know that until now. Thanks for the tip :)

jsakalos
20 Mar 2008, 1:01 PM
RTFM ;), meaning I also didn't know until today but then I clicked on the Documentation link on the jslint page....

dolittle
4 May 2008, 4:36 AM
I use it in my applications and it works great.

I had a problem with non latin characters.
I'm using a function from another post of yours:
http://www.extjs.com/forum/showthread.php?t=29255&highlight=utf8

Is it necessary, or will one of the parameters already built into Ext.util.MD5 do the job?

Thanks

wm003
4 May 2008, 5:34 AM
I use it in my applications and it works great.

I had a problem with non latin characters.
I'm using a function from another post of yours:
http://www.extjs.com/forum/showthread.php?t=29255&highlight=utf8

Is it necessary, or will one of the parameters already built into Ext.util.MD5 do the job?

Thanks

The fourth parameter of Ext.util.MD5 is used for unicode support, so try

var MD5Hash = Ext.util.MD5("testtext",false,false,16)

should work with UTF8 Strings.

dolittle
4 May 2008, 7:25 AM
I'm probably doing something wrong.

What works for me is:

testString1 = Ext.util.Utf8.encode(testString1);
testString2 = Ext.util.Utf8.encode(testString2);
var test1 = Ext.util.MD5(testString1, true);
var test2 = Ext.util.MD5(Ext.util.MD5(testString2));


I tried what you suggested:

var test3 = Ext.util.MD5(testString1, true, false, 16);
var test4 = Ext.util.MD5(Ext.util.MD5(testString2, false, false, 16), false, false, 16);


test1 and test2 work for me but don't match test3 and test4.

Do you have an idea?

wm003
4 May 2008, 10:48 AM
I'm probably doing something wrong.

What works for me is:

testString1 = Ext.util.Utf8.encode(testString1);
testString2 = Ext.util.Utf8.encode(testString2);
var test1 = Ext.util.MD5(testString1, true);
var test2 = Ext.util.MD5(Ext.util.MD5(testString2));

I tried what you suggested:

var test3 = Ext.util.MD5(testString1, true, false, 16);
var test4 = Ext.util.MD5(Ext.util.MD5(testString2, false, false, 16), false, false, 16);

test1 and test2 work for me but don't match test3 and test4.

Do you have an idea?

Sure, they do not match, because test3 and test4 were calculated based on 16 Bit Unicode while test1 and 2 were calculated by 8 bit. You should pass the original untouched testString1 (without going through Ext.util.Utf8.encode) to the Ext.util.MD5 routine with config 16 for test 1 and 2 also, otherwise, they'll never match (just because encoding to utf8 will give a larger String than the original).

However, personally i never needed to calculate on raw utf8 Code (i always encode them before like you did), so i'd stick with your first example :)

dolittle
4 May 2008, 11:02 AM
It is part of sasl authentication and only the first example passes the authentication.

I guess, if it works don't touch it.

Thanks
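
Added example, not code from this thread: why test1/test2 and test3/test4 above cannot match. It models the input encodings with Node's crypto module instead of Ext.util.MD5; the low-byte behaviour of charset 8 and the two-bytes-per-code-unit behaviour of charset 16 are assumptions based on the pajhome.org.uk implementation linked earlier, and the sample strings are constructed.

```javascript
// Added example: models the input encodings discussed above with Node's
// crypto module. The charset 8 / charset 16 behaviour is an assumption.
const crypto = require("crypto");

function md5hex(bytes) {
  return crypto.createHash("md5").update(bytes).digest("hex");
}

// charset 8 (assumed): one byte per character, keeping only the low 8 bits.
function charset8Bytes(str) {
  const out = Buffer.alloc(str.length);
  for (let i = 0; i < str.length; i++) out[i] = str.charCodeAt(i) & 0xff;
  return out;
}

// charset 16 (assumed): every UTF-16 code unit as two bytes, low byte first.
function charset16Bytes(str) {
  return Buffer.from(str, "utf16le");
}

// Stand-in for Ext.util.Utf8.encode: a string whose characters are UTF-8 bytes.
function utf8EncodeToString(str) {
  return Buffer.from(str, "utf8").toString("latin1");
}

function compareEncodings(str) {
  return {
    // test3 style: raw string, charset 16
    charset16: md5hex(charset16Bytes(str)),
    // raw string, charset 8: characters above U+00FF are truncated
    charset8: md5hex(charset8Bytes(str)),
    // test1 style: UTF-8 encode first, then charset 8
    utf8ThenCharset8: md5hex(charset8Bytes(utf8EncodeToString(str))),
    // what a server hashing the UTF-8 bytes computes
    serverUtf8: md5hex(Buffer.from(str, "utf8")),
  };
}

// Constructed samples: plain ASCII and a string with non-Latin-1 characters.
const ascii = compareEncodings("testtext");
const nonLatin = compareEncodings("\u0141\u00f3d\u017a"); // "Łódź"
const lookalike = compareEncodings("A\u00f3dz");          // "Aódz"

console.log("ASCII, 8-bit path matches server:", ascii.charset8 === ascii.serverUtf8);
console.log("non-Latin, UTF-8 first matches server:",
  nonLatin.utf8ThenCharset8 === nonLatin.serverUtf8);
console.log("non-Latin, charset 16 matches server:",
  nonLatin.charset16 === nonLatin.serverUtf8);
console.log("two different strings, same charset 8 hash:",
  nonLatin.charset8 === lookalike.charset8);
```

Under these assumptions only the "UTF-8 encode first" path agrees with a server that hashes UTF-8 bytes, and feeding raw non-Latin text to the 8-bit mode makes distinct passwords hash to the same value.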

SilverDev
7 May 2008, 10:41 AM
Excellent little utility.

Very useful!

Thanks!

SilverDev
-=-

dolittle
18 Jul 2008, 5:45 PM
Is there a way to use this md5 extension and the client clock/date to generate a unique numeric key?

Something like: 3737871162

Can I control the number of digits?

Thanks

mjlecomte
19 Jul 2008, 5:56 AM
Please forgive my ignorance, why or in what situation would you want to use this client side?

wm003
20 Jul 2008, 5:49 AM
Please forgive my ignorance, why or in what situation would you want to use this client side?

e.g. i always use it for login controls. Instead of posting the clear password, i generate the MD5 hash of it (and some other session-based ids) on the client and only post the hash to the server. This way the clear pass will never be sent to the server and the server routine only needs to compare the hash (together with the session-based ids) with the database. And i don't need to have an https protocol for this.

mjlecomte
20 Jul 2008, 6:54 AM
I might have considered that less secure in some respects, because now the client knows the hash to post to the database.

I agree obscuring the password offers some perception of additional security, but I wondered about just obscuring the password where it could be obscured client side and un-obscured server side, which at that point would be salted/encrypted for talking with the database.

One fellow suggested using str_rot13. php has inbuilt decoding (http://us2.php.net/str_rot13), not sure about the other server side languages.

This site (http://kevin.vanzonneveld.net/techblog/article/javascript_equivalent_for_phps_str_rot13/) has the javascript for str_rot13, as well as several other php functions (md5, sha1, and more).

wm003
20 Jul 2008, 12:59 PM
I might have considered that less secure in some respects, because now the client knows the hash to post to the database.

Well, i never post the simple md5(password), but some kind of md5(username+password+sessionbased_random_hash_for_every_pagerender).

So even if the client gets the generated md5 hash, it's not the hash from the database and it will never work when trying to post it again, because the additional server-side generated random hash (and thus the resulting md5 hash) will not be the same again. ;)

dolittle
22 Jul 2008, 2:02 PM
Can you use your md5 to generate a random client side key with the clock?

mjlecomte
22 Jul 2008, 5:22 PM
FYI, there are several extensions that Jeff Howden posted sometime back in the wiki (http://extjs.com/learn/Ext_Extensions).

Ext.ux.Crypto by Jeff Howden
Includes SHA-1, TEA, and AES, all client-side.

Ext.ux.UUID by Jeff Howden
Generate a UUID client-side or pass a connection config object to retrieve one server-side.

Ext.ux.GUID by Jeff Howden
Generate a GUID client-side or pass a connection config object to retrieve one server-side.

wm003
22 Jul 2008, 9:23 PM
Can you use your md5 to generate a random client side key with the clock?

Sure


var random_key = Ext.util.MD5(new Date().getTime().toString());

FYI, there are several extensions that Jeff Howden posted sometime back


:) Yes, i knew that and already said so when i was posting this extension.
Anyway, i needed to change the UI for some existing applications without changing the backend stuff which already uses MD5, so there wasn't the question of implementing a better algorithm like sha1 on the client AND server side, but taking the existing MD5 javascript routine and wrapping it into an ext component.

For sure, Jeff's implementation of the cryptographic algorithms is better in security comparison, no doubt. It was just lacking the hash algorithm i needed ;)

dolittle
23 Jul 2008, 3:01 AM
Hi,

Is there a way I can make sure the random key will consist only numbers and not alpha characters?
Can I control the number of digits to be ten for example?


var random_key = Ext.util.MD5(new Date().getTime().toString());

Thanks

wm003
23 Jul 2008, 3:12 AM
Hi,

Is there a way I can make sure the random key will consist only numbers and not alpha characters?
Can I control the number of digits to be ten for example?



You might not use MD5 for this purpose. An MD5 hash always returns a 32 letter String consisting of alphanumeric characters. Try simply


var randomNumber = Math.floor(Math.random()*100000000000);

to get a 10 digits random numeric key

mystix
23 Jul 2008, 3:31 AM
You might not use MD5 for this purpose. An MD5 hash always returns a 32 letter String consisting of alphanumeric characters. Try simply


var randomNumber = Math.floor(Math.random()*100000000000);

to get a 10 digits random numeric key

safer:


String.leftPad(Math.floor(Math.random()*1e10), 10, '0')

Math.random()*10000000000 occasionally returns a 9-digit long integer.

Nand@
28 Jan 2009, 11:10 AM
hi, i want to do a "retrieve password" read from database n show it in a form..like you said this plugin "It works exactly like the PHP function md5()" but i cannot "retrieve" the md5 encrypted password n show it like php function just encrypted the text and send it to server side not the opposite...any suggestion? thanks in advance!

wm003
29 Jan 2009, 12:58 AM
hi, i want to do a "retrieve password" read from database n show it in a form..like you said this plugin "It works exactly like the PHP function md5()" but i cannot "retrieve" the md5 encrypted password n show it like php function just encrypted the text and send it to server side not the opposite...any suggestion? thanks in advance!
:-?
mmh, i don't quite understand:

like i stated in the first post:


var MD5Hash = Ext.util.MD5("testtext"); //returns 0ea2d99c9848117666c38abce16bb43e
document.write(MD5Hash);

This "retrieves" the MD5-Hash of the password "testtext" into the JS-Var MD5Hash and outputs it into the browser document
The php-function does the same....


$md5hash = md5("testtext");
echo $md5hash;


:-/

Nand@
29 Jan 2009, 5:28 AM
:-?
mmh, i don't quite understand:

like i stated in the first post:


var MD5Hash = Ext.util.MD5("testtext"); //returns 0ea2d99c9848117666c38abce16bb43e
document.write(MD5Hash);

This "retrieves" the MD5-Hash of the password "testtext" into the JS-Var MD5Hash and outputs it into the browser document
The php-function does the same....


$md5hash = md5("testtext");
echo $md5hash;

:-/

yep i understand you..but, if you use a

$md5hash = md5("testtext");
echo $md5hash;
show something like 0ea2d99c9848117666c38abce16bb43e AND if you "read" the database AND the password is already encrypted then show you "testtext" ..so i want to know how get the "two" ways: encrypt and decrypt the string...like the md5 php function...
another comparison: if you wanna know the password from a user well we need to decrypt the encrypted password reading the database n show it "plain text" but if you want to "save" the password from a user well we use a md5(password) to encrypt the plain text...

i hope you understand..thanks

mjlecomte
29 Jan 2009, 5:45 AM
encryption is one way. You can't decrypt in php either. Do like the norm, reset the password if someone forgets it.

Nand@
29 Jan 2009, 6:11 AM
you're right, guess i forgot...think i got it..thanks to all

extjs_new
22 Feb 2009, 3:25 AM
Hi, does anyone know how to make this MD5 function one of the properties of textfield?
like


password = new Ext.form.TextField({
    fieldLabel:'Password',
    id:'loginPassword',
    name:'loginPassword',
    inputType:'password',
    allowBlank:false,
    encrypt: true //how can I do like this?

});

jsakalos
22 Feb 2009, 4:07 AM
I think that better would be to "encrypt" it before it is sent to server - MD5 sum value has no sense at client.

mjlecomte
22 Feb 2009, 4:55 AM
Hi, does anyone know how to make this MD5 function one of the properties of textfield?
like


password = new Ext.form.TextField({
    fieldLabel:'Password',
    id:'loginPassword',
    name:'loginPassword',
    inputType:'password',
    allowBlank:false,
    encrypt: true //how can I do like this?

});


I agree with Saki that it's questionable as to the merits of doing this client side, but if you insist on doing it, I think the answer to your question would be that you either need to override TextField, or make your own extension for Ext.ux.form.MD5Field or something (I guess if you extend then that would make having "encrypt" and "inputType" config properties moot as that class would automatically do it).

So the direct answer to your question without suggestions, you have to override TextField.

aurelien
2 Apr 2009, 1:03 AM
Perhaps I miss something but I really don't find where to get the extension (Ext.util.MD5)...

Any help? :D

UPDATE: found here http://www.extjs.eu/docs/

wm003
2 Apr 2009, 11:58 AM
i swear the code was part of the first post..anyone of the admin deleted it?
mmh, i guess while updating vbulletin the last time some of the attachments got lost...the file was still in the first post, but named "undefined"...i even cannot delete it. So i attached a new one to the first post

jsakalos
2 Apr 2009, 12:01 PM
Not me ;) Re-post it please.

aurelien
7 Apr 2009, 8:21 AM
thanks!

aurelien
7 Apr 2009, 8:34 AM
Are you sure it is the last version you uploaded?

I can't get the hexcase parameters to work and the code makes me think it is an old version...

Thanks!

kaeptn
4 Jun 2009, 9:10 AM
Are you sure it is the last version you uploaded?

I can't get the hexcase parameters to work and the code makes me think it is an old version...

Thanks!

Seems to be broken for me, too. The file the zip extracts does not even check for any arguments >:)

No wonder it does not work ...

wm003
4 Jun 2009, 10:18 PM
i replaced the attachment of the first post again. there was an old version which didn't support all features. The current one does it again. :)

VATigers
14 Jul 2009, 12:17 PM
Thanks Wm003 for this util.

I want to know, if there is a way to decrypt the hashed string? I have read the entire thread and this question has been answered that the encryption is one way.

I am not playing with password but I have a requirement where I am hashing couple of things and then joining them up into 1 string.

So I also need to decrypt the hashed string.

Would be awesome if this is implemented.

mschwartz
14 Jul 2009, 12:23 PM
Thanks Wm003 for this util.

I want to know, if there is a way to decrypt the hashed string? I have read the entire thread and this question has been answered that the encryption is one way.

I am not playing with password but I have a requirement where I am hashing couple of things and then joining them up into 1 string.

So I also need to decrypt the hashed string.

Would be awesome if this is implemented.

unhashing MD5 takes a lot of computing power for many hours.

kaeptn
15 Jul 2009, 12:53 AM
Thanks Wm003 for this util.

I want to know, if there is a way to decrypt the hashed string? I have read the entire thread and this question has been answered that the encryption is one way.

I am not playing with password but I have a requirement where I am hashing couple of things and then joining them up into 1 string.

So I also need to decrypt the hashed string.

Would be awesome if this is implemented.

You suffer from a fundamental misunderstanding. You need a different approach to your problem as MD5 and others like SHA etc. cannot be reversed back to the original string. In absolutely no way is this possible.

There's a difference between a hash function and an encryption function. Also it might not be possible to concat (append) several encrypted strings and then decrypt the combined string to one making sense ... depends on the method you choose.

Perhaps you could describe your problem so we can give a better hint. Please be concise as your problem seems to be a little off topic.

VATigers
15 Jul 2009, 5:28 AM
I was thinking of encryption and decryption and some how mixed it with hashing.
Couple of years ago, I had implemented cryptography and I carried the same idea of encryption and decryption to my current requirement.

I had kind of forgotten that hashing algorithms are only one way. Thanks for clearing the confusion.


My requirement is
I want to concat several encrypted strings and then decrypt it, or maybe append strings, encrypt it and then later on decrypt it.

mschwartz
15 Jul 2009, 11:38 AM
Trivial method:



// Encrypts $str if not already encrypted
// otherwise decrypts $str
function EnDeCrypt($str) {
    $ha = "mschwartz"; // choose some arbitrary string here
    $hlen = strlen($ha);
    $hndx = 0;
    $slen = strlen($str);
    $out = '';
    for ($i=0; $i<$slen; $i++) {
        // XOR each character with the next key character, wrapping around the key
        $out .= substr($str, $i, 1) ^ substr($ha, $hndx, 1);
        $hndx = ($hndx + 1) % $hlen;
    }
    return $out;
}


Not super hard for someone to decrypt, but good enough to keep honest people honest.

Gunmen
4 Mar 2010, 2:39 AM
I have read the complete thread and understand that you can create with this function an encrypted or hashed version of a given password and or username.

What I don't understand so far is how I can use this in connection with the server? How do I check the password provided (user input) and saved (database)?

Thanks!

wm003
4 Mar 2010, 5:20 AM
What I don't understand so far is how I can use this in connection with the server? How do I check the password provided (user input) and saved (database)?

Thanks!

You only submit the hash to the server. On the server side you check the database (which should also have the hashed password instead of the real one) to match the given hash.

for additional security i suggest hashing the pw-hash again together with a random salt (e.g. session-based, which the server also knows).

Use this on the server side as well to check if the hashes match. This way the submitted hash is always different on every request, but the pw hashes are always the same.


Quick PHP Example:


session_start();
if (!isset($_SESSION["salt"])) {
$_SESSION["salt"] = uniqid (rand());
}

//generate javascript version of the salt
echo "var salt='".$_SESSION["salt"]."';";

$user_id = $_GET["userid"];
$pwhash = $_GET["pw"];


on submit of the js-form you generate


var hash2submit = Ext.util.MD5(Ext.util.MD5(password)+salt);


then check your database


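// $pdo is an assumed, already-open PDO connection; user_id is bound as a
// parameter instead of being concatenated into the SQL
$stmt = $pdo->prepare("select passhash from usertable where user_id = ?");
$stmt->execute(array($user_id));
$passhash = $stmt->fetchColumn();

//passhash has the password stored as plain MD5 Hash (MD5(password))
...
// $pwhash holds the hash2submit value sent by the form; !== avoids PHP's
// loose comparison of numeric-looking hex strings
if (md5($passhash.$_SESSION["salt"]) !== $pwhash) {
    die("wrong login");
}

...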
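
Added example, not code from this thread: the client and server halves of the salted-hash login described in the post above, run in one file with Node's crypto module in place of Ext.util.MD5 and PHP. The user name, password, session id and function names are constructed, and the salt is consumed after one attempt, which is an assumption stricter than the per-session salt in the post.

```javascript
// Added example: client and server halves of the salted-hash login from the
// post above, using Node's crypto module in place of Ext.util.MD5 and PHP.
const crypto = require("crypto");

const md5 = (s) => crypto.createHash("md5").update(s, "utf8").digest("hex");

// Constructed server state. As in the post, the table holds MD5(password).
const users = new Map([["alice", md5("correct horse")]]);
const pendingSalts = new Map(); // sessionId -> salt waiting for one login

// Server: a fresh random salt for every rendered login form.
function issueSalt(sessionId) {
  const salt = crypto.randomBytes(16).toString("hex");
  pendingSalts.set(sessionId, salt);
  return salt;
}

// Client: the value the form submits instead of the password.
function clientResponse(password, salt) {
  return md5(md5(password) + salt);
}

// Server: recompute from the stored hash and compare in constant time.
function verifyLogin(sessionId, userId, response) {
  const salt = pendingSalts.get(sessionId);
  pendingSalts.delete(sessionId); // single use, whether or not the login succeeds
  const stored = users.get(userId);
  if (!salt || !stored || typeof response !== "string") return false;
  const expected = Buffer.from(md5(stored + salt), "hex");
  const got = Buffer.from(response, "hex");
  return got.length === expected.length && crypto.timingSafeEqual(got, expected);
}

function demo() {
  const salt = issueSalt("session-1");
  const response = clientResponse("correct horse", salt);
  const firstLogin = verifyLogin("session-1", "alice", response);
  // The same value sent again fails: the salt was consumed...
  const replaySameSalt = verifyLogin("session-1", "alice", response);
  // ...and a new form gets a new salt, so the old response no longer fits.
  issueSalt("session-1");
  const replayNewSalt = verifyLogin("session-1", "alice", response);
  const wrongPassword = verifyLogin("session-1", "alice",
    clientResponse("guess", issueSalt("session-1")));
  // Design property to plan for: the server checks against MD5(password) only,
  // so the stored column is itself sufficient to answer a challenge and needs
  // the same protection as the passwords.
  const salt3 = issueSalt("session-1");
  const storedValueSuffices = verifyLogin("session-1", "alice",
    md5(users.get("alice") + salt3));
  return { firstLogin, replaySameSalt, replayNewSalt, wrongPassword, storedValueSuffices };
}

console.log(demo());
```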

Gunmen
7 Mar 2010, 10:11 AM
Thank you wm003, for your example. I'm going to try this soon.

dontako
22 Aug 2013, 7:16 AM
Hi, I'm trying to compile my app with sencha cmd and I'm getting this error:


[ERR] C2008: Requirement had no matching files (Ext.util.MD5) -- C:\wamp\www\myapp\app.js:2768
[ERR] The following error occurred while executing this line:
C:\wamp\www\myapp\.sencha\app\build-impl.xml:165: The following error occurred while executing this line:
C:\wamp\www\myapp\.sencha\app\build-impl.xml:158: com.sencha.exceptions.ExScript: Wrapped com.sencha.exceptions.ExBuild: Failed to find any files for C:\wamp\www\myapp\app.js::ClassRequire::Ext.util.MD5 (x-app-build#290)
runAppBuild (x-app-build:290)
[anonymous] (x-app-build:566)
x_app_build (x-app-build:564)
<script> (anonymous:1)


Thank You

intre
4 Aug 2014, 11:03 AM
How do i include that?

masai
8 Sep 2014, 5:29 AM
great utils, but I don't know how to integrate them with sencha architect. Any help???

max