Please provide support for MD5 in WebCrypto




4 years ago
2 years ago


(Reporter: jcranmer, Unassigned)


Firefox Tracking Flags

(Not tracked)


(Whiteboard: [domsecurity-backlog2])



4 years ago
I realize that MD5 is a broken hash algorithm, but I would still like to see support of it in WebCrypto. I'm currently building a SASL client library for use in email protocols (i.e., IMAP, SMTP, et al), and very many servers still support CRAM-MD5 but not SCRAM-SHA-*. So there's a case to be made that it's still sufficiently widely used to be worth supporting.

The main issue I have polyfilling it is that CRAM-MD5 uses an MD5-based HMAC algorithm, so I'd in effect have to polyfill both MD5 and HMAC, since I can't define a custom hash algorithm and have HMAC or PBKDF2 or other algorithms use that one.

Here's what CRAM-MD5 looks like, algorithmically, in terms of WebCrypto should an MD5 hash algorithm be added:
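CramMD5Module.prototype.executeSteps = function*(initChallenge) {
  var hmacAlgorithm = {
    name: "HMAC",
    hash: "MD5",
    length: 128
  };
  // The key and data arguments are missing from this page; passwordBytes and
  // challengeBytes are placeholder names for the password and the decoded
  // initChallenge as byte buffers.
  var result = crypto.subtle.importKey("raw", passwordBytes,
    hmacAlgorithm, false, ['sign']
  ).then(function (hmacKey) {
    return crypto.subtle.sign(hmacAlgorithm, hmacKey, challengeBytes);
  }).then((function (signature) {
    // sign() resolves to an ArrayBuffer, so view it as bytes before indexing.
    var bytes = new Uint8Array(signature);
    var hexStr = '';
    for (var i = 0; i < bytes.length; i++)
      hexStr += hexBytes[bytes[i]];
    return saslUtils.stringToBase64UTF8(
      saslUtils.saslPrep(this.user) + " " + hexStr);
  }).bind(this));

  yield result;
};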
Have you considered a polyfill?  Adding an *ahem* to the browser platform seems inadvisable.  And personally, I have no problem giving people who don't care enough about security to upgrade their software worse performance.  I'd be happier to have things not work, actually.
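The polyfill route discussed above, as an added example that is not part of the original bug comments: a pure-JavaScript MD5 with HMAC layered over it (both are needed because WebCrypto's HMAC cannot take a custom hash), producing the CRAM-MD5 response for the sample exchange in RFC 2195. The function names are this example's own, and SASLprep of the user name and password is omitted.

```javascript
// MD5 (RFC 1321) over a Uint8Array; returns the 16-byte digest.
function md5(bytes) {
  const S = [7, 12, 17, 22, 5, 9, 14, 20, 4, 11, 16, 23, 6, 10, 15, 21];
  const K = Array.from({ length: 64 }, (_, i) => Math.floor(Math.abs(Math.sin(i + 1)) * 2 ** 32));
  // Pad with 0x80, zeros, then the 64-bit little-endian bit length.
  const padded = new Uint8Array((((bytes.length + 8) >> 6) + 1) * 64);
  padded.set(bytes);
  padded[bytes.length] = 0x80;
  const view = new DataView(padded.buffer);
  view.setUint32(padded.length - 8, bytes.length * 8, true);
  view.setUint32(padded.length - 4, Math.floor(bytes.length / 2 ** 29), true);
  let h = [0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476];
  for (let off = 0; off < padded.length; off += 64) {
    let [a, b, c, d] = h;
    for (let i = 0; i < 64; i++) {
      let f, g;
      if (i < 16) { f = (b & c) | (~b & d); g = i; }
      else if (i < 32) { f = (d & b) | (~d & c); g = (5 * i + 1) % 16; }
      else if (i < 48) { f = b ^ c ^ d; g = (3 * i + 5) % 16; }
      else { f = c ^ (b | ~d); g = (7 * i) % 16; }
      const x = (a + f + K[i] + view.getUint32(off + 4 * g, true)) | 0;
      const s = S[(i >> 4) * 4 + (i % 4)];
      [a, d, c, b] = [d, c, b, (b + ((x << s) | (x >>> (32 - s)))) | 0];
    }
    h = [(h[0] + a) | 0, (h[1] + b) | 0, (h[2] + c) | 0, (h[3] + d) | 0];
  }
  const out = new DataView(new ArrayBuffer(16));
  h.forEach((word, i) => out.setUint32(4 * i, word, true));
  return new Uint8Array(out.buffer);
}
// HMAC (RFC 2104) over any hash function with the given block size in bytes.
function hmac(hash, blockSize, key, msg) {
  if (key.length > blockSize) key = hash(key); // over-long keys are hashed first
  const k = new Uint8Array(blockSize);
  k.set(key);
  const inner = hash(Uint8Array.from([...k.map((b) => b ^ 0x36), ...msg]));
  return hash(Uint8Array.from([...k.map((b) => b ^ 0x5c), ...inner]));
}
const toHex = (bytes) => Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
// CRAM-MD5 (RFC 2195): base64(user + " " + hex(HMAC-MD5(password, challenge))).
function cramMd5Response(user, password, challengeB64) {
  const enc = new TextEncoder();
  const challenge = Uint8Array.from(atob(challengeB64), (ch) => ch.charCodeAt(0));
  const line = user + " " + toHex(hmac(md5, 64, enc.encode(password), challenge));
  return btoa(String.fromCharCode(...enc.encode(line)));
}
```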
Component: DOM: Security → Security
Component: Security → DOM: Security
Priority: -- → P3
Whiteboard: [domsecurity-backlog2]