neverett Posted January 25, 2008 Share Posted January 25, 2008 function validate_oldpw(opw, pw){ with(opw, pw){ var old = opw.value; old = md5(old); if(opw.value == ""){ alert("The [old] password you entered does not match your current account password.1"); return false; } if(md5(old) == pw.value){ return true; } else{ alert("The [old] password you entered does not match your current account password.2"); return false; } } } Any idea why this won't work. I'm trying to compare two passwords. pw.value is a password stored via the md5 method. I'm trying to take opw and check it with the supplied pw.value. Let me know if you have any ideas. Thanks in advance!!! Quote Link to comment Share on other sites More sharing options...
rajivgonsalves Posted January 25, 2008 Share Posted January 25, 2008 where is md5 function declared ? Quote Link to comment Share on other sites More sharing options...
neverett Posted January 25, 2008 Author Share Posted January 25, 2008 It's built into Javascript correct? The md5 hash? Quote Link to comment Share on other sites More sharing options...
rajivgonsalves Posted January 25, 2008 Share Posted January 25, 2008 nope there is no inbuilt md5 function in javascript however I googled and found this http://www.webtoolkit.info/javascript-md5.html Quote Link to comment Share on other sites More sharing options...
emehrkay Posted January 25, 2008 Share Posted January 25, 2008 what is the point of md5'in two string in javascript for comparison purposes? Just compare the strings Quote Link to comment Share on other sites More sharing options...
neverett Posted January 28, 2008 Author Share Posted January 28, 2008 That would be nice if I could just compare the strings, but I have queried the already encrypted password out of the database therefore i need to encrypt the non-encrypted password entered in the form to be sure the two match. Quote Link to comment Share on other sites More sharing options...
laffin Posted January 28, 2008 Share Posted January 28, 2008 and why wud u do that? now you have given away a great deal in cracking the pw. the md5 hash shudn be made available to the user at all. with this hash someone can generate new hashs, and come up with a password that isnt the same as the original password, but gives the same md5 hash. Quote Link to comment Share on other sites More sharing options...
neverett Posted January 29, 2008 Author Share Posted January 29, 2008 But the md5 hash can be found anywhere on the net. How is this any different? Quote Link to comment Share on other sites More sharing options...
laffin Posted January 29, 2008 Share Posted January 29, 2008 u give the result of the md5, that's what i'm talking about. not the function. if someone were to see the md5 hash of a password, they got 2 keys to a puzzle of a user acct. 1) The username 2) the md5 hash itself (the result of md5) now they can run a routine offline to hack that acct. u want to make things harder, reason to use md5 hashes instead of plain text passwords. not defeat the purpose of md5 hashing Quote Link to comment Share on other sites More sharing options...
neverett Posted January 29, 2008 Author Share Posted January 29, 2008 But they shouldn't be able to see the hashed password can they (the pw var)??? That should all be hidden. How can I go about fixing this? I really appreciate your input and pointing this out to me. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.