

Ask HN: Client-side MD5 password hashing - antileet

I'm currently writing the auth for our web application. Normally the login form would have a username and password in a form. I hooked into the submit() event using javascript to change the value of the password to it's MD5 equivalent.<p>Now on the server, I treat the MD5 hash as if it's a regular password - but this is assuming that the treatment is consistent between sign-up and log-in. The advantage here is that nobody except your client knows what your plaintext password is.<p>I'm sure that people would've tried doing this before. Is there any disadvantage of doing this? I don't see any apart from the fact that disabling javascript will disable the login. Any advice about this would be very useful.
======
gdl
My take as some random guy without any particular experience in these things:

Client-side hashing shouldn't make much of a difference to security. Passwords
are generally hashed server-side before being stored anyway, and it wouldn't
prevent any sort of man-in-the-middle attacks. The only benefit I see is that
anyone sniffing the data before it gets hashed server-side would only see a
hash with the power of a password rather than the password itself, making it
less useful to use against other sites where the user might share the
password. If you really need the security, though, go HTTPS.

I don't see any harm other than the inconvenience of needing JavaScript. Note
that there could be weird failure cases though. As an example, if I initially
sign up with NoScript active and send the raw password, then later enable
JavaScript on your site and send it MD5'd, I wouldn't be allowed in. So be
sure that if you do this that there is no normal way to signup / login without
JavaScript enabled.

------
tcp
I've done this in my own web application, and since the whole web application
is built on Javascript anyway, it's never been a problem.

I also hash the password again serverside, so:

* Only the client knows the plaintext password

* The plaintext password is never transmitted over the network

* The hash stored on the server isn't enough to sign in to the account

