简介
In short, the length-extension attack on one-way hash construction is that you can, given h(m) and len(m), you are able to compute h(m||pad(m)||m’) for any m’ (|| stands for concatenation), even if you don’t know the entire message m. This attack works on all Merkle-Damgård hash such as MD0-MD5 and SHA0-SHA2. This is also called “message extension” or “padding” attack”. (感觉问题主要来源于分组串联)
具体流程
解决方法
- 用HMAC
- Hash(message || password)
- Hash(password || Hash(message))