1130876 - Please provide support for MD5 in WebCrypto

Status: RESOLVED WONTFIX

(Core :: DOM: Web Crypto, enhancement, P3)

Description

[Joshua Cranmer [:jcranmer]]

I realize that MD5 is a broken hash algorithm, but I would still like to see support of it in WebCrypto. I'm currently building a SASL client library for use in email protocols (i.e., IMAP, SMTP, et al), and very many servers still support CRAM-MD5 but not SCRAM-SHA-*. So there's a case to be made that it's still sufficiently widely used to be worth supporting.

The main issue I have polyfilling it is that CRAM-MD5 uses an MD5-based HMAC algorithm, so I'd in effect have to polyfill both MD5 and HMAC, since I can't define a custom hash algorithm and have HMAC or PBKDF2 or other algorithms use that one.

Here's what CRAM-MD5 looks like, algorithmically, in terms of WebCrypto should an MD5 hash algorithm be added:
CramMD5Module.prototype.executeSteps = function*(initChallenge) {
  var hmacAlgorithm = {
    name: "HMAC",
    hash: "MD5",
    length: 128
  };
  var result = crypto.subtle.importKey("raw",
    saslUtils.stringToArrayBuffer(saslUtils.saslPrep(this.pass)),
    hmacAlgorithm, false, ['sign']
  ).then(function (hmacKey) {
    return crypto.subtle.sign(hmacAlgorithm, hmacKey,
      saslUtils.base64ToArrayBuffer(initChallenge));
  }).then((function (result) {
    var hexStr = '';
    for (var i = 0; i < result.length; i++)
      hexStr += hexBytes[result[i]];
    return saslUtils.stringToBase64UTF8(
      saslUtils.saslPrep(this.user) + " " + hexStr);
  }).bind(this));

  yield result;
};

Comment 1

[Martin Thomson [:mt:]]

Have you considered a polyfill?  Adding an *ahem* to the browser platform seems inadvisable.  And personally, I have no problem giving people who don't care enough about security to upgrade their software worse performance.  I'd be happier to have things not work, actually.