ΠΡΠΏΠΎΠ»ΡΠ·ΠΎΠ²Π°ΡΡ ΡΡΠ½ΠΊΡΠΈΡ SHA1 ΠΊΠ°ΠΊ MAC Π½Π΅Π±Π΅Π·ΠΎΠΏΠ°ΡΠ½ΠΎ:
digest = SHA1(KEY || MESSAGE)
ΠΡΠ°ΠΊΡΡΡΠΈΠΉ ΠΌΠΎΠΆΠ΅Ρ ΠΏΠΎΠ΄Π΄Π΅Π»Π°ΡΡ ΠΏΠΎΠ΄ΠΏΠΈΡΡ Π΄Π»Ρ ΡΠ²ΠΎΠ΅Π³ΠΎ ΡΠΎΠΎΠ±ΡΠ΅Π½ΠΈΡ, Π½Π΅ Π·Π½Π°Ρ ΠΊΠ»ΡΡΠ°.
Length-Extension Attack: https://dzone.com/articles/forging-a-sha-1-mac-using-a-length-extension-attacarrow-up-right https://cryptopals.com/sets/4/challenges/29arrow-up-right
Bad: hash(KEY || MESSAGE || PADDING)
hash(KEY || MESSAGE || PADDING)
Usable: hash(MESSAGE || KEY || PADDING)
hash(MESSAGE || KEY || PADDING)
Good: hmac(MESSAGE || KEY || PADDING)
hmac(MESSAGE || KEY || PADDING)
https://github.com/bwall/HashPumparrow-up-right
https://github.com/iagox86/hash_extenderarrow-up-right
Last updated 2 years ago