I want my customers to authenticate against a 3rd party service with similar cookie the utilization with my website.
Could it be safe to talk about the md5(cookie, service_title) using the service, where service_title is really a constant string that the customers uses.
To authenticate from the service a js function is going to do the md5 from the cookie around the client side and employ it.
It is possible to better and safer hashing to make use of or perhaps is md5 secure enough?
Should i base64 decode the cookie before doing the md5?
There's little possibility of curing the hash to get the original cookie data so it's safe for the reason that regard.
You could utilize SHA-1 hash rather however both of them are susceptible to collision attacks, possibly permitting an unauthorized attacker (who does not possess the cookie) to get into the next party service. I'm not sure how likely that might be.
So far as base64 decoding it, check and find out if it's base64 encoded first.