notes (633B)
1The solution is a sha1 hash length extension attack which allows us to 2append a suffix to an existing message and given the old hash create a 3valid hash for the new message. 4 5To perform a length extension attack we first add the padding which is added 6during preprocessing of the message if its length is not a mulitple of 64.. 7this results in the same hash. The padding is a Merkle–Damgård construction: 8 9msg + 0x80 + 0x00 (N byte pad) + ... (8 byte msg size) 10 11Since the hash represents the state of the hashing function we can then 12begin hashing the next block to add our suffix and create a valid hash 13for the entire message. 14