[EMAIL PROTECTED] (Eric Kolve) wrote:
>I was wondering if someone could explain to me why in the eagle book it
>is necessary to perform an md5 twice before sending a mac_check to a
>user of a number of fields.  I read in the mod_perl book that this is
>done 'to prevent technically savvy users from appending data to the
>@fields'.
>
>my $mac_check = md5_hex($secret,
>                        md5_hex(join '', $secret, @fields));
>
>
>What I am wondering is, what situation would a user be able to append
>data to the fields? I believe if you change only one bit of the data,
>the mac will change, so I am a little confused.

This looks suspicious to me too.  Any hashing algorithm worth its salt
shouldn't have to be done twice.  And doing it twice may in fact expose
weaknesses in the algorithm (though I have no evidence to support this).

I'd suggest just this:

   my $mac_check = md5_hex join '', $secret, @fields;


  -------------------                            -------------------
  Ken Williams                             Last Bastion of Euclidity
  [EMAIL PROTECTED]                            The Math Forum

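As an added example that is not part of this thread, here are the two Perl constructions from the question translated to Python beside the standard HMAC-MD5 from the `hmac` module, with a constant-time verifier; the secret and field values are constructed samples. A single MD5 over secret followed by data inherits MD5's length-extension property, which is what rehashing the inner digest guards against; HMAC is the standard construction with the same guarantee.

```python
import hashlib
import hmac

# Constructed sample values; the real secret and fields are not on the page.
SECRET = b"example-secret-not-from-the-thread"
FIELDS = [b"user=eric", b"expires=1000000000"]


def mac_plain(secret: bytes, fields: list) -> str:
    """md5_hex(join '', $secret, @fields): one MD5 over the concatenation."""
    return hashlib.md5(secret + b"".join(fields)).hexdigest()


def mac_nested(secret: bytes, fields: list) -> str:
    """md5_hex($secret, md5_hex(join '', $secret, @fields)) from the question.

    Perl's md5_hex concatenates its arguments, so the outer MD5 covers the
    secret followed by the 32-character hex inner digest, a fixed-length
    value rather than user-extendable data.
    """
    inner = mac_plain(secret, fields).encode("ascii")
    return hashlib.md5(secret + inner).hexdigest()


def mac_hmac(secret: bytes, fields: list) -> str:
    """Standard HMAC-MD5 (RFC 2104) over the same joined field data."""
    return hmac.new(secret, b"".join(fields), hashlib.md5).hexdigest()


def verify(secret: bytes, fields: list, presented: str, mac_fn=mac_nested) -> bool:
    """Recompute the MAC server-side and compare in constant time."""
    return hmac.compare_digest(mac_fn(secret, fields), presented)


def join_is_ambiguous(secret: bytes) -> bool:
    """join '' with no separator cannot tell ['ab','c'] from ['a','bc'], so
    both field lists get the same MAC; a delimiter or length prefix fixes this."""
    return mac_nested(secret, [b"ab", b"c"]) == mac_nested(secret, [b"a", b"bc"])
```
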