Generating MD5 hashed passwords using ECMAScript

Generating MD5 hashed passwords using ECMAScript

While MD5 may not be the most effective way to secure data, it is used by some database applications and other systems. For more info on MD5, you can check: http://en.wikipedia.org/wiki/MD5

Once in a while, when configuring password sync/reset support for applications and systems for a given project, we stumble on MD5 hashed values.

Figure 1: Example Database Application that stores user credentials in MD5. Figure 1: Example Database Application that stores user credentials in MD5.


ECMAScript(aka Javascript) can be used both in workflows(Form Editor) and with IdM drivers through Policy Builder and be called as a function to operate a transformation on a password or attribute value to turn it into a MD5 hash. Using Google, I was able to spot a few examples quickly.

Figure 2: Creating a ECMAScript object in the library. Figure 2: Creating a ECMAScript object in the library.



Figure 3: Referencing the ECMAScript object from driver config. Figure 3: Referencing the ECMAScript object from driver config.



Figure 4: Using Policy Builder to transform/reformat password or attribute value. Figure 4: Using Policy Builder to transform/reformat password or attribute value.


DirXML Script example:



			<do-reformat-op-attr name="LMSPassword">
<arg-value type="string">
<token-xpath expression="es:calcMD5(string($MD5Pwd))"/>
</arg-value>
</do-reformat-op-attr>



I am storing the value to be hashed in a local variable called MD5Pwd in the action before the action that actually hashes the value, using $MD5Pwd as the argument for my calcMD5 function.

MD5 hash is not reversible(in theory) so we can use this example to provide support for password reset, and password check, but not to obtain the original value(before hash) on the Publisher channel for password sync.

You can download my ECMAScript object below.

generate_md5_value.zip
Attachments

DISCLAIMER:

Some content on Community Tips & Information pages is not officially supported by Micro Focus. Please refer to our Terms of Use for more detail.
Comments

Oh dear, I thought I will get some ECMA Script that calls Java. But nope, this is a plain ECMA Script implementation of MD5. I will test but I am already impressed 🙂

I used this for a customer and it seems to work well.  IPA LDAP server in my case.

ACK, this works well. And it's still awesome 🙂

Top Contributors
Version history
Revision #:
1 of 1
Last update:
‎2011-04-20 18:40
Updated by:
 
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.