[OT] Is calculating an MD5 hash of a Rjindael encrypted block and it's key insecure?
Hi
Although this question is a bit off topic, I think that this list is the
best audience to answer it.
For the company I'm working I had to write an apache module, that the
users do not have to enter their username password everytime they log
onto the intranet web server.
My solution is a mod_perl module, that catches every request before the
authentication module and supplies the credentials automatically. This
works with ANY apache authentication modules using basic authentication.
The credentials themselves are stored in a cookie on the client side. If
there is no cookie, or the cookie is invalid, the user is presented the
usual login popup and as the user authenticates, the modules fetches the
credentials and creates the cookie. The cookie can be invalidated by
invoking a to defined URI (this provides the logout function).
The cookie has a limited lifetime, is bound to the client's IP address
and is AES256 encrypted, with a server side stored encryption key. I
discovered, that if I changed this encryption key, the module would not
return, as it could not decypher the credentials. Furthermore someone
could send an invalid cookie which would cause some DoS attack. So I
added a checksum over the encrypted credentials and the key itself. This
checksum has the form of an md5 hex checksum and is checked before the
decyphering of the credentials takes place.
I'm no cryptographic expert, so I'm asking this: Using AES256 in CBC
mode, if I have a key $k and a string $s representing the credentials,
that's encrypted with this key and if I calculate the checksum following
this method
$c = md5_hex( $s.$k );
Does $c compromise the security of the the encrypted credentials, resp.
the key $k? This is important because $s and $c get stored in the cookie.
Best regards
Marcel
Reply to: