solve/notes


1
2
3
4
5
6
7
8
9
10
11
12
13
14

The solution is a sha1 hash length extension attack which allows us to
append a suffix to an existing message and given the old hash create a
valid hash for the new message.

To perform a length extension attack we first add the padding which is added
during preprocessing of the message if its length is not a mulitple of 64..
this results in the same hash. The padding is a Merkle–Damgård construction:

msg + 0x80 + 0x00 (N byte pad) + ... (8 byte msg size)

Since the hash represents the state of the hashing function we can then
begin hashing the next block to add our suffix and create a valid hash
for the entire message.