Crypto

SHA1-MAC: Length-Extension Attack

Description

Π˜ΡΠΏΠΎΠ»ΡŒΠ·ΠΎΠ²Π°Ρ‚ΡŒ Ρ„ΡƒΠ½ΠΊΡ†ΠΈΡŽ SHA1 ΠΊΠ°ΠΊ MAC нСбСзопасно:

digest = SHA1(KEY || MESSAGE)

ΠΡ‚Π°ΠΊΡƒΡŽΡ‰ΠΈΠΉ ΠΌΠΎΠΆΠ΅Ρ‚ ΠΏΠΎΠ΄Π΄Π΅Π»Π°Ρ‚ΡŒ подпись для своСго сообщСния, Π½Π΅ зная ΠΊΠ»ΡŽΡ‡Π°.

Length-Extension Attack: https://dzone.com/articles/forging-a-sha-1-mac-using-a-length-extension-attac https://cryptopals.com/sets/4/challenges/29

Short

  • Bad: hash(KEY || MESSAGE || PADDING)

  • Usable: hash(MESSAGE || KEY || PADDING)

  • Good: hmac(MESSAGE || KEY || PADDING)

Tools

PreviousAttacksNextHMAC-SHA1: Break with an artificial timing leak β€” ΡƒΡ‚Π΅Ρ‡ΠΊΠΈ Π²Ρ€Π΅ΠΌΠ΅Π½ΠΈ

Last updated