In this context, a message is signed by prepending the secret to the message and hashing the result; any recipient who also shares the secret can verify the resulting value. A length extension attack can be used to sign a message when a Merkle–Damgård-based hash is misused as a Message Authentication Code, allowing extra information to be included at the end of the current message.
A length extension attack can be carried out against hashes used in the construction H(secret ‖ message) when the message and the length of the secret are known. Algorithms such as MD5, SHA-1, and SHA-2, which are based on the Merkle–Damgård construction, are susceptible to this kind of attack.