CODEWITHSUNDEEP
javajavascriptsecurityappletmd5
Arun David
Arun David

Reputation: 2784

JavaScript MD5 hashing vs Java Applet MD5 hashing?

Recently I came across a project which uses MD5 hashing for posting username and password while logging in.. But what I saw was a little weird, they have used both Applet as well as JavaScript for hashing, like if Applet is not there, then JavaScript works.

The code is as follows:

var username=document.getElementById('username');
var password=document.getElementById('password');
try { 
    encUsername = appletObject.encryptMessage(username);
    encPassword = appletObject.encryptMessage(password);
} catch (e) { 
    encUsername = hex_md5(username);
    encPassword = hex_md5(password);
}
//post encUsername & encPassword for validation
  1. Is this method used only for browser compatibility for JS and Applet, or any advantage for applet over javascript for MD5 hashing?
  2. Is there any security advantage for applet in this scenario?

Upvotes: 0

Views: 393

Answers (1)

epsalon
epsalon

Reputation: 2294

Hashing a password and username(?) on the client side serves no security purpose. The biggest benefit of storing hashed passwords on the server, is that in case the password database is compromised, no actual valid passwords are leaked. However, when passwords are hashed on the client side, the hash is in effect a password -- a password that is stored in the clear on the server, and as such provides no security advantage.

Regarding using an applet, I am not sure what the implementation of the applet is, but it does not seem to provide any additional benefit to using the built-in function.

Upvotes: 2

Related Questions