I am using a cryptographic library in PHP (http://phpseclib.sourceforge.net/).
I am adding a new pair of methods to its AES class.
Those methods implement HMAC generation/verification.
The encryption method adds the HMAC string to the ciphertext.
The decryption method separates the HMAC and verifies it.
I have several questions.
1) Is this general formula correct for the encryption method:
Note: || means concatenation.
2) Is it better for the HMAC to be appended or prepended to the ciphertext, and why (or maybe there is no difference)?
3) I can use a variety of hash algorithms for the HMAC:
md2, md5, md5-96, sha1, sha1-96, sha256, sha384, and sha512
but I don't want to degrade the performance and increase the output length unnecessarily. If it is relevant, I use AES with 128-bit keys; I am not sure whether there must be a correlation between the encryption key length and the HMAC algorithm used.
I know that the MD5 and SHA-1 hash algorithms have known weaknesses and should no longer be used, but the Wikipedia article about HMAC says:
"HMACs are substantially less affected by collisions than their underlying hashing algorithms alone. Therefore, HMAC-MD5 does not suffer from the same weaknesses that have been found in MD5."
So can I use HMAC-MD5 safely?
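As an added example (not the asker's code and not phpseclib's API), the following PHP script shows the encrypt-then-MAC layout the question describes, built on PHP's bundled OpenSSL and hash extensions so it runs without phpseclib. The choices it assumes are AES-128-CBC for confidentiality, HMAC-SHA256 with a full 32-byte tag for integrity, a fresh random IV per message, two independent keys (one for AES, one for the HMAC), and the tag appended after `iv || ciphertext`. The MAC is computed over the IV as well as the ciphertext, the tag is checked with `hash_equals` before any decryption is attempted, and every failure path returns the same `null`, so a caller cannot tell a bad tag from a bad padding block. The constant names and the two-key convention are this example's own, not something phpseclib defines.

```php
<?php
// Added example, not the asker's code and not phpseclib's own API.
// Encrypt-then-MAC using PHP's built-in OpenSSL and hash extensions.
// Assumed choices: AES-128-CBC, HMAC-SHA256 (full-length tag), tag appended.

declare(strict_types=1);

const CIPHER    = 'aes-128-cbc';
const HMAC_ALGO = 'sha256';
const IV_LEN    = 16;   // AES block size in bytes
const TAG_LEN   = 32;   // full SHA-256 output; do not truncate without a reason

/**
 * Returns iv || ciphertext || tag.
 * The HMAC covers iv || ciphertext, so a modified IV is rejected just like a
 * modified ciphertext body (with CBC, flipping IV bits flips plaintext bits).
 */
function encryptThenMac(string $plaintext, string $encKey, string $macKey): string
{
    if (strlen($encKey) !== 16) {
        throw new InvalidArgumentException('AES-128 requires a 16-byte encryption key');
    }
    $iv = random_bytes(IV_LEN);
    $ciphertext = openssl_encrypt($plaintext, CIPHER, $encKey, OPENSSL_RAW_DATA, $iv);
    if ($ciphertext === false) {
        throw new RuntimeException('encryption failed');
    }
    $tag = hash_hmac(HMAC_ALGO, $iv . $ciphertext, $macKey, true); // raw 32 bytes
    return $iv . $ciphertext . $tag;
}

/**
 * Verifies the tag first and only then decrypts.
 * Every failure returns null so "bad tag" and "bad padding" are indistinguishable
 * to the caller (no padding-oracle signal).
 */
function verifyThenDecrypt(string $blob, string $encKey, string $macKey): ?string
{
    if (strlen($blob) < IV_LEN + TAG_LEN) {
        return null;
    }
    $tag      = substr($blob, -TAG_LEN);        // last TAG_LEN bytes
    $ivAndCt  = substr($blob, 0, -TAG_LEN);     // everything before the tag
    $expected = hash_hmac(HMAC_ALGO, $ivAndCt, $macKey, true);

    // hash_equals is constant-time; a plain == or === comparison leaks timing.
    if (!hash_equals($expected, $tag)) {
        return null;
    }

    $iv         = substr($ivAndCt, 0, IV_LEN);
    $ciphertext = substr($ivAndCt, IV_LEN);
    $plaintext  = openssl_decrypt($ciphertext, CIPHER, $encKey, OPENSSL_RAW_DATA, $iv);
    return $plaintext === false ? null : $plaintext;
}

// Demo with constructed keys. In a real system derive the two keys independently
// (for example with hash_hkdf from one master secret) rather than reusing the
// AES key as the HMAC key.
$encKey = random_bytes(16);
$macKey = random_bytes(32);

$blob = encryptThenMac('attack at dawn', $encKey, $macKey);
var_dump(verifyThenDecrypt($blob, $encKey, $macKey));   // original plaintext

// Flip one bit in the first ciphertext byte: the tag check fails and
// openssl_decrypt is never reached.
$tampered = $blob;
$tampered[IV_LEN] = chr(ord($tampered[IV_LEN]) ^ 0x01);
var_dump(verifyThenDecrypt($tampered, $encKey, $macKey));   // rejected, null
```

Two design notes. Appending versus prepending the tag changes nothing about security as long as the receiver knows the tag length and verifies it over the whole `iv || ciphertext` before decrypting; appending is simply the more common convention. The key material matters more than the tag position: the example deliberately uses a separate 32-byte HMAC key instead of the 16-byte AES key, which keeps the two primitives independent and avoids tying the HMAC strength to the cipher key length the question asks about.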