Generally speaking, MD5 is considered broken for secure usage these days, but I have come across a signature design using MD5 many times recently in my company. The details are as follows:

T = text, which is directly viewable as plain text in an HTTP header.

AppId, AccessKey = ID and Key pairs authorized from the server. The ID is also appended as plain text in the HTTP header.

signature = MD5(T || timestamp || AppId || AccessKey)

My question is: how secure is this signature design? I've searched for many sorts of collision attacks, and the closest one to this condition is the chosen-prefix attack, which still seems hard to use to effectively exploit this signature.

Any idea would be greatly appreciated.

Z.T.
Dee
  • There is a site dedicated to cryptography: https://crypto.stackexchange.com/ – User42 Apr 01 '19 at 08:08
  • 1. I don't think this would pass a security audit, even if no one can find a way to break your system using md5 collisions. 2. Look at how professionals do it: https://docs.aws.amazon.com/general/latest/gr/sigv4_signing.html and note that they had a security problem: https://www.daemonology.net/blog/2008-12-18-AWS-signature-version-1-is-insecure.html and that's why it's AWS sig v4 now. 3. Please make sure to always specify it's a symmetric crypto signature (a MAC), because the plain term "digital signature" mostly means an asymmetric crypto signature (like DSS, RSA-PSS, ECDSA, EdDSA). – Z.T. Apr 01 '19 at 14:42
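
The construction from the question next to a MAC in the sense of the last comment, as an added example that is not part of the original post or its comments. The HMAC-SHA256 choice, the length-prefixed framing, the function names and all sample values are assumptions made for illustration; it shows that plain concatenation lets two different (T, timestamp) pairs share one signature, independent of any MD5 collision.

```python
import hashlib
import hmac
import struct

def md5_concat_sig(text, timestamp, app_id, access_key):
    """Design from the question: MD5(T || timestamp || AppId || AccessKey)."""
    data = (text + timestamp + app_id + access_key).encode()
    return hashlib.md5(data).hexdigest()

def frame(*fields):
    """Length-prefix every field so field boundaries are unambiguous."""
    out = b""
    for field in fields:
        raw = field.encode()
        out += struct.pack(">I", len(raw)) + raw
    return out

def hmac_sig(text, timestamp, app_id, access_key):
    """Assumed alternative: HMAC-SHA256 keyed with AccessKey over framed fields."""
    msg = frame(text, timestamp, app_id)
    return hmac.new(access_key.encode(), msg, hashlib.sha256).hexdigest()

def verify(sig, text, timestamp, app_id, access_key):
    """Server-side check with a constant-time comparison."""
    expected = hmac_sig(text, timestamp, app_id, access_key)
    return hmac.compare_digest(sig, expected)

# Constructed sample values, not taken from the page.
APP_ID = "app-001"
ACCESS_KEY = "constructed-secret-key"
REQ_A = ("amount=1", "1554100000")   # (T, timestamp)
REQ_B = ("amount=11", "554100000")   # different fields, same concatenation

def boundary_ambiguity():
    """Return (md5_same, hmac_same) for the two distinct requests above."""
    md5_same = (md5_concat_sig(*REQ_A, APP_ID, ACCESS_KEY)
                == md5_concat_sig(*REQ_B, APP_ID, ACCESS_KEY))
    hmac_same = (hmac_sig(*REQ_A, APP_ID, ACCESS_KEY)
                 == hmac_sig(*REQ_B, APP_ID, ACCESS_KEY))
    return md5_same, hmac_same

if __name__ == "__main__":
    print(boundary_ambiguity())
```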