How can I generate a hash value for a string on both my Rails backend and in Javascript on the browser?

Question

I'm building a web game in Ruby on Rails and I want most of the game logic to take place on the browser. The game involves a user answering a question. I need to embed the answers in the web page since that's where I'm putting the code that verifies the user answered the question correctly. I don't want put the answers in plain text since savvy users can view the source to see the answers, so I figured I'd encrypt them using a hash before I embed them in the page.

To do this, I need to first create the hash value for the answer string on my Rails backend, and then when the user answers the question, I need to create the hash value for their answer and compare that hash value with the embedded hash value. If they're equal, then they answered the question correctly and I notify my server.

How can I generate a hash value for a string on both my Rails backend and in Javascript on the browser?

Would you suggest a better way to hide the answers on my webpage?

Answer 1

Given the purpose MD5 should suffix, from a client side point of view you can use the phpjs.org version of MD5 from here

http://phpjs.org/functions/md5/

If MD5 is not good enough, you can look into other hashing possibilities in Google Closure Library

http://closure-library.googlecode.com/svn/docs/namespace_goog_crypt.html

I never worked with ruby but the MD5 counterpart appears to be this

http://ruby-doc.org/stdlib-1.8.6/libdoc/digest/rdoc/MD5.html

Answer 2

With the ready availability of sites like the one lostsource posted, to strengthen the hash, you should add multiply the timestamp to it. You then have the timestamp in your data and can call the phpjs md5 hashcode with "#{timestamp}#{hashcode}".