Overview #
Length extension attack is an Attack done by an attacker when he can use Hash(message1) and the length of message1 to calculate Hash(message1 ‖ message2) for an attacker-controlled message2.In this context, signing a message is done by prepending the secret to the hash value and can be verified by any recipient who also shares the secret. Length extension attack can be used to sign a message when a Merkle–Damgård based hash is misused as a Message Authentication Code, allowing for inclusion of extra information at the end of the current message.
Length extension attack can be done on hashes with construction H(secret ‖ message) when message and the length of secret is known. Algorithms like MD5, SHA-1, and SHA-2 that are based on the Merkle-Damgard construction are susceptible to this kind of attack.
HMAC hashes are not prone to Length extension attack
AND
SHA-3 algorithm is not susceptible to the Length extension attack
AND
SHA-3 algorithm is not susceptible to the Length extension attack
More Information#
There might be more information for this subject on one of the following:- [#1] - Length_extension_attack
- based on information obtained 2018-08-28-
- [#2] - Everything you need to know about hash length extension attacks - based on information obtained 2018-08-28-