by alinajaf
4765 days ago
Hi, author here, I'm glad you found it useful!

> I didn't know for example that you can basically extend an MD5ed string and keep the original MD5 value

Thank tptacek for that knowledge, I think I picked that up in a talk he did that's somewhere on Vimeo (will link to it).

> Then again, I know that MD5 isn't a secure cryptographic hash function so I wouldn't have used it from the start. Nice to know why that's the case.

Nope! I was going to mention this in the post but removed it to keep things simple: This particular vulnerability is not due to MD5 collisions or MD5 being cryptographically insecure. It's because of the internal mechanism (a "Merkle-Damgård construction") intrinsic to hash functions like MD5, SHA1, SHA256 and friends. Even if MD5 were cryptographically secure, this vulnerability would still present itself if used in the way I described. Don't mean to nitpick, but with crypto small misunderstandings lead to big vulnerabilities. Hope that makes sense :)
Thanks for pointing that out, didn't know that.
Just for fun, if they had written message+secret instead of secret+message it would have been ok (although bad practice)?
calculated_mac = OpenSSL::Digest::MD5.hexdigest(message+secret)