Badness in MD5.as, plus TLS update
Right now, any ByteArray you feed to MD5 gets modified in place, in two ways:
- Some padding will be added to the end of it
- The endianness of the array will be forced to little-endian.
You see, TLS has this “finished” message as part of its handshake that requires computing an MD5 hash and a SHA-1 hash of the same array (the handshake messages so far), then sending a value derived from both to the server.
If the server doesn’t like your data, it will return a cryptic “Bad Mac Data” message, which really means “You messed up, but we’re not going to tell you where exactly because that’d help evil people too much.”
Anyway, long story short, MD5 doesn’t destroy the data it hashes anymore, and I am now able to send the “Finished” message from the client, and receive a “Finished” message from the server, which is a really good sign overall.
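To make the failure mode concrete, here is an added example (Python rather than the project's ActionScript; it is not as3crypto's code) that models the two hashing styles side by side and feeds them into the TLS 1.0 Finished computation from RFC 2246. `destructive_md5` appends MD5's padding to the caller's buffer before hashing, the way the post describes, so the SHA-1 that runs over "the same array" afterwards sees a different message; `md5_digest` hashes a copy. The master secret and handshake transcript are constructed values, and the ByteArray endianness flip has no `bytearray` analogue, so only the padding side of the bug is modelled.

```python
import hashlib
import hmac


def md5_padding(message_len: int) -> bytes:
    """Padding MD5 appends before compressing: 0x80, zeros up to
    56 mod 64 bytes, then the bit length as a 64-bit little-endian int."""
    zeros = (55 - message_len) % 64
    return b"\x80" + b"\x00" * zeros + (message_len * 8).to_bytes(8, "little")


def destructive_md5(buf: bytearray) -> bytes:
    """Models the bug described in the post: the digest is right, but the
    padding is written into the caller's buffer and never removed."""
    n = len(buf)
    buf += md5_padding(n)
    return hashlib.md5(bytes(buf[:n])).digest()


def md5_digest(data) -> bytes:
    """Non-destructive MD5: hashes a copy, caller's buffer is untouched."""
    return hashlib.md5(bytes(data)).digest()


def sha1_digest(data) -> bytes:
    return hashlib.sha1(bytes(data)).digest()


def p_hash(hash_name: str, secret: bytes, seed: bytes, length: int) -> bytes:
    """RFC 2246 P_hash: HMAC(secret, A(1)+seed) || HMAC(secret, A(2)+seed) ...
    with A(0) = seed and A(i) = HMAC(secret, A(i-1))."""
    out = b""
    a = seed
    while len(out) < length:
        a = hmac.new(secret, a, hash_name).digest()
        out += hmac.new(secret, a + seed, hash_name).digest()
    return out[:length]


def tls10_prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """RFC 2246 PRF: P_MD5 over the first half of the secret XORed with
    P_SHA1 over the second half (halves overlap by one byte if odd)."""
    half = (len(secret) + 1) // 2
    s1, s2 = secret[:half], secret[-half:]
    md5_part = p_hash("md5", s1, label + seed, length)
    sha1_part = p_hash("sha1", s2, label + seed, length)
    return bytes(x ^ y for x, y in zip(md5_part, sha1_part))


def finished_verify_data(master_secret: bytes, label: bytes,
                         handshake_messages: bytes, md5_fn=md5_digest) -> bytes:
    """verify_data = PRF(master_secret, label, MD5(msgs) + SHA1(msgs))[0:12].
    SHA-1 deliberately runs over the same buffer MD5 was given, so a
    destructive md5_fn corrupts the input before SHA-1 ever sees it."""
    buf = bytearray(handshake_messages)
    md5_hash = md5_fn(buf)
    sha1_hash = sha1_digest(buf)
    return tls10_prf(master_secret, label, md5_hash + sha1_hash, 12)


if __name__ == "__main__":
    # Constructed values: a 48-byte master secret and a stand-in transcript.
    master_secret = bytes(range(48))
    transcript = b"constructed handshake transcript"
    good = finished_verify_data(master_secret, b"client finished", transcript)
    bad = finished_verify_data(master_secret, b"client finished", transcript,
                               md5_fn=destructive_md5)
    print("server-side value :", good.hex())
    print("with destructive MD5:", bad.hex())
    print("match:", good == bad)  # False: the peer answers bad_record_mac
```

The server computes `good` from its own copy of the transcript, so a client whose MD5 pads the shared buffer sends `bad` and gets the alert the post describes. The only difference between the two paths is whether the hash routine owns a copy of its input.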
As soon as I get to the point where plain-text can be sent and received over a pseudo-secure connection, I’ll release something. (That’ll include an MD5 fix, at least.)
Note: “Pseudo-secure” means the client code will be missing a lot of sanity and security checks that any self-respecting TLS implementation ought to have. That also means you seriously shouldn’t use it yet. Still, it’s a start.
PS: For you folks who submitted bug reports and patches, I still care. I just need to get this TLS thing out of my system first. Then I’ll fix whatever I can.
November 9th, 2007 at 12:22 am
Hi, Metal Hurlant, I am a Chinese web developer. Maybe it is not proper to deliver the message along with this post, however I have to ask you for help. I found that you deleted the function of signature in RSA which uses the private key to encrypt a text and uses the corresponding public key to decrypt the cipher. That’s to say, the function of signature which existed in your previous version was deleted from the latest version (v1.2); the only function left in RSA is encryption. I tried my best to add this function (signature) back, but I failed, because of my poor capabilities. I solicitously hope you can add the function of signature in RSA back to the new version very recently. Thank you very much!