Another thing to add to my previous comment. When developing for the web, NEVER and that is a definate repeat of the word ‘never’ put ANY encryption/decryption/hashing/security algorithm in a piece of javascript code on your html page. That is not what javascript was intended for and it’s not even 1% secure.
All scripts involving security and passwords should execute server-side where the user has no way of seeing or tampering with them.
Giving someone your security algorithms is the same as giving them the password or even passing them a plain text file.