Ionic md5 hash

Hello,
can anybody suggest solution how to generate MD5 hash from string in Ionic2? What library to use?

I’m using this lib

https://www.npmjs.com/package/ts-md5

Once I included it via npm install, I put the following in my class file:

import {Md5} from 'ts-md5/dist/md5';

and use it like:

Md5.hashStr(profile.password);

3 Likes

Thank you @Apat183! Very simple and working solution!

1 Like

please help
Cannot find module “ts-md5/dist/md5”

Hi, and howto decrypt?

1 Like

MD5 is one way hashing algorythm. It’s not decryptable.

Install it with npm:
npm install ts-md5

Read the documentation in link above, in @Apat183 answer.

MD5 is a terrible choice for any purpose. For integrity protection, it’s worthless because collisions can be generated easily. For hashing passwords, it’s horrible because it is so efficient that it can be brute-forced and rainbow-tabled.

Instead, use SHA-256 for integrity protection and bcrypt for password hashing.

There are cases when you don’t need collision-free haches. Then MD5 can be used, because it’s less CPU-intensive comparing to SHA256. And if we speak about mobile app development, it’s important.

And it’s wise to add salt to string, before generating MD5 or even SHA256 hash. Maybe it’s also a good idea to make multiple iterations if you really care about security. For example:

Md5.hashStr(Md5.hashStr(Md5.hashStr(profile.password + profile.username + profile.email)))

It’s a matter of design.

Such as?

As I see it, that’s generally a bad thing.

What would be the point of that?

  1. If you are hashing some non critical data
  2. MD5 is generated faster than SHA256
  3. Rainbow tables don’t contain values for your own multiple MD5 iteration algorythm.

You are desperately trying to prove that MD5 is unsecure algorythm. Can you post 2 different strings (which people would possibly use as their password) here which produces the same hash?

I’m not saying that MD5 is a way to go everywhere, but I don’t like that people somewhere have heard that MD5 is a weak algorythm and saying that it’s a terrible choice to use MD5 without even knowing where it will be used.

Can you give a real-world example of where you would want to do this? The one you mentioned earlier looked a lot to me like password hashing, where speed of execution is objectively a bad thing.

I said for the two purposes where it is typically employed, one of which seems to be what you are using it for, it is an extremely bad choice, and I recommended alternatives for each case.

Well, I don’t like people writing insecure apps that risk user secrets and put all of us in the industry in a bad light. Again, show me a situation where MD5 is a defensible choice.

:slight_smile: This conversation leads nowhere. I’m out of this.

Security is a very important topic, and it must transcend our feelings and egos. If you are willing to defend your position, I am willing to listen.

MD5-hashing can be very useful for checking integrity of data. Say you’re downloading photos / videos, and you want to make sure you’ve got all the data without corruption. Calculating the md5 checksum and comparing it to the origin server’s checksum is then useful because it requires less CPU power than alternatives.

2 Likes

does it support on mobile devices

The problem is not there at all. The problem is in the math. You compute a rainbow table with really long chain. more you have collision less chain you have to compute. Since md5 is super fast and have a lot of collisions you can compute find back a password under 8 chars in minutes if not seconds.