Your link to the javascript MD5 routine is broken, (at this moment anyways). I'm wondering if you are not getting the concept of challenge and salt confused. In MD5 based password crypt, a salt value is used to generate the hash, and you are referring to the " value of the challenge being used against the string".

I'm not going thru the mental aggravation of trying to hack their methods, but you have those 2 values to play with. The md5 salt, and the password, additionally it maybe be base64 encoded( which just adds another level of complication).

It would seem to me, that their likely method, would be to send you a custom login page, with a random salt built-in to the html javascript. It then asks you to enter your password, which the javascript hashes with the salt, ( then may possibly base64encode it). It sends this value, and checks if it matches the MD5 crypt hash on their end, which uses the same salt. The salt may be hidden in a hidden field or even a cookie.

Anyways, all those factors would make it an all day effort to hack, unless you get lucky and spot it quickly.