crypto-jsis a rich javascript library containing many cryptography algorithms.

crypto-js是一个丰富的 javascript 库，包含许多加密算法。

All you have to do is just call CryptoJS.MD5(password)

你所要做的就是打电话 CryptoJS.MD5(password)

$.post(
  'includes/login.php', 
  { user: username, pass: CryptoJS.MD5(password) },
  onLogin, 
  'json' );

If someone is sniffing your plain-text HTTP traffic (or cache/cookies) for passwords just turning the password into a hash won't help - The hash password can be "replayed" just as well as plain-text. The client would need to hash the password with something somewhat random (like the date and time) See the section on "AUTH CRAM-MD5" here: http://www.fehcom.de/qmail/smtpauth.html

如果有人正在嗅探您的纯文本 HTTP 流量（或缓存/cookies）以获取密码，那么将密码转换为散列将无济于事 - 散列密码可以像纯文本一样“重播”。客户端需要使用一些随机的东西（如日期和时间）散列密码，请参阅此处的“AUTH CRAM-MD5”部分：http: //www.fehcom.de/qmail/smtpauth.html

I would suggest you to use CryptoJS in this case.

在这种情况下，我建议您使用 CryptoJS。

Basically CryptoJS is a growing collection of standard and secure cryptographic algorithms implemented in JavaScript using best practices and patterns. They are fast, and they have a consistent and simple interface.

基本上，CryptoJS 是使用最佳实践和模式在 JavaScript 中实现的标准和安全加密算法的不断增长的集合。它们速度很快，并且具有一致且简单的界面。

So In case you want calculate hash(MD5) of your password string then do as follows :

因此，如果您想计算密码字符串的哈希（MD5），请执行以下操作：

<script src="http://crypto-js.googlecode.com/svn/tags/3.0.2/build/rollups/md5.js"></script>
<script>
    var passhash = CryptoJS.MD5(password).toString();

    $.post(
      'includes/login.php', 
      { user: username, pass: passhash },
      onLogin, 
      'json' );
</script>

So this script will post hash of your password string to the server.

因此，此脚本会将您的密码字符串的哈希值发布到服务器。

For further info and support on other hash calculating algorithms you can visit at:

有关其他哈希计算算法的更多信息和支持，您可以访问：

http://code.google.com/p/crypto-js/

http://code.google.com/p/crypto-js/

You might want to check out this page: http://pajhome.org.uk/crypt/md5/

您可能想查看此页面：http: //pajhome.org.uk/crypt/md5/

However, if protecting the password is important, you should really be using something like SHA256 (MD5 is not cryptographically secure iirc). Even more, you might want to consider using TLS and getting a cert so you can use https.

但是，如果保护密码很重要，那么您确实应该使用 SHA256 之类的东西（MD5 不是加密安全的 iirc）。更重要的是，您可能需要考虑使用 TLS 并获取证书，以便您可以使用 https。

In response to jt. You are correct, the HTML with just the password is susceptible to the Man in the middle attack. However, you can seed it with a GUID from the server ...

回应 jt。你是对的，只有密码的 HTML 很容易受到中间人攻击。但是，您可以使用来自服务器的 GUID 为其播种...

$.post(
  'includes/login.php', 
  { user: username, pass: $.md5(password + GUID) },
   onLogin, 
  'json' );

This would defeat the Man-In-The middle ... in that the server would generate a new GUID for each attempt.

这将击败中间人......因为服务器将为每次尝试生成一个新的 GUID。

if you're using php jquery, this might help:

如果您使用的是 php jquery，这可能会有所帮助：

   $.ajax({
        url:'phpmd5file.php',
        data:{'mypassword',mypassword},
        dataType:"json",
        method:"POST",
        success:function(mymd5password){
            alert(mymd5password);
        }
    });

on your phpmd5.php file:

在您的 phpmd5.php 文件中：

echo json_encode($_POST["mypassword"]);

echo json_encode($_POST["mypassword"]);

no jsplugins needed. just use ajax and let php md5() do the job.

不需要jsplugins。只需使用 ajax 并让 php md5() 完成这项工作。