How to use MD5 in javascript to transmit a password
If someone is sniffing your plain-text HTTP traffic (or cache/cookies) for passwords just turning the password into a hash won't help - The hash password can be "replayed" just as well as plain-text. The client would need to hash the password with something somewhat random (like the date and time)See the section on "AUTH CRAM-MD5" here: http://www.fehcom.de/qmail/smtpauth.html
I would suggest you to use CryptoJS in this case.
Basically CryptoJS is a growing collection of standard and secure cryptographic algorithms implemented in JavaScript using best practices and patterns. They are fast, and they have a consistent and simple interface.
So In case you want calculate hash(MD5) of your password string then do as follows :
<script src="http://crypto-js.googlecode.com/svn/tags/3.0.2/build/rollups/md5.js"></script><script> var passhash = CryptoJS.MD5(password).toString(); $.post( 'includes/login.php', { user: username, pass: passhash }, onLogin, 'json' );</script>
So this script will post hash of your password string to the server.
For further info and support on other hash calculating algorithms you can visit at: