hash_extender icon indicating copy to clipboard operation
hash_extender copied to clipboard

Published 20 hours ago verified publisher icon iagox86

You may also need the length of `secret`

Open MagShadow opened this issue 6 years ago • 1 comments

in your text you say

Knowing only data, H, and signature, the attacker's goal is to append 'append' to data and generate a valid signature for the new data. And that's easy to do! Let's see how.

but actually, you need the length of secret to calculate the length of padding?

MagShadow avatar Oct 25 '18 09:10 MagShadow

Yes, unfortunately you do. I should mention that in the text.

On Thu, Oct 25, 2018 at 2:51 AM 勇者护手 [email protected] wrote:

in your text you say

Knowing only data, H, and signature, the attacker's goal is to append 'append' to data and generate a valid signature for the new data. And that's easy to do! Let's see how.

but actually, you need the length of secret to calculate the length of padding?

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/iagox86/hash_extender/issues/10, or mute the thread https://github.com/notifications/unsubscribe-auth/AAgITEyeoOQREnqwp7yhm0L_SqrdBQVsks5uoYmDgaJpZM4X551Z .

iagox86 avatar Oct 25 '18 15:10 iagox86