> It's because of the internal mechanism (a "Merkel Damgard Construction") intrinsic to hash functions like MD5, SHA1, SHA256 and friends. Even if MD5 were cryptographically secure, this vulnerability would still present itself if used in the way I described.
Thanks for pointing that out, didn't know that.
Just for fun, if they had written message+secret instead of secret+message it would have been ok (although bad practice)?
Secret suffix MACs are insecure if your hash function isn't collision-resistent. To illustrate: MD5 isn't collision-resistent, but HMAC-MD5 has no currently known viable attacks, because it isn't simple a secret-suffix MAC.
So it's true that using a secret-suffix MAC is safer than using a secret-prefix MAC, but if you know enough to make that choice, you know enough to use HMAC.
Thanks for pointing that out, didn't know that.
Just for fun, if they had written message+secret instead of secret+message it would have been ok (although bad practice)?
calculated_mac = OpenSSL::Digest::MD5.hexdigest(message+secret)