[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[OT] Is calculating an MD5 hash of a Rjindael encrypted block and it's key insecure?


Although this question is a bit off topic, I think that this list is the best audience to answer it.

For the company I'm working I had to write an apache module, that the users do not have to enter their username password everytime they log onto the intranet web server.

My solution is a mod_perl module, that catches every request before the authentication module and supplies the credentials automatically. This works with ANY apache authentication modules using basic authentication. The credentials themselves are stored in a cookie on the client side. If there is no cookie, or the cookie is invalid, the user is presented the usual login popup and as the user authenticates, the modules fetches the credentials and creates the cookie. The cookie can be invalidated by invoking a to defined URI (this provides the logout function).

The cookie has a limited lifetime, is bound to the client's IP address and is AES256 encrypted, with a server side stored encryption key. I discovered, that if I changed this encryption key, the module would not return, as it could not decypher the credentials. Furthermore someone could send an invalid cookie which would cause some DoS attack. So I added a checksum over the encrypted credentials and the key itself. This checksum has the form of an md5 hex checksum and is checked before the decyphering of the credentials takes place.

I'm no cryptographic expert, so I'm asking this: Using AES256 in CBC mode, if I have a key $k and a string $s representing the credentials, that's encrypted with this key and if I calculate the checksum following this method

$c = md5_hex( $s.$k );

Does $c compromise the security of the the encrypted credentials, resp. the key $k? This is important because $s and $c get stored in the cookie.

Best regards


Reply to: