bkad / prat

group chat with markdown served over websockets

Somewhat insecure API signature scheme #55

Open cespare opened 11 years ago

cespare commented 11 years ago

I see two issues that both expose you to some kind of length extension attacks. @mdietz can tell you more :)

Lots of people get this wrong, but we should fix at some point.

I think a good example is AWS signature generation:

http://docs.amazonwebservices.com/amazonglacier/latest/dev/amazon-glacier-signing-requests.html#example-signature-calculation
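As an added illustration, not code from prat (the issue does not show the project's actual scheme), the contrast cespare is pointing at: a bare hash over secret||message, which Merkle-Damgard hashes leave open to length extension, beside an HMAC over a canonical string-to-sign in the style of the linked AWS example. The secret, header names and sample request are constructed.

```python
import hashlib
import hmac

# Constructed sample secret; in practice each API key has its own.
SECRET = b"example-shared-secret"


def naive_signature(secret: bytes, message: bytes) -> str:
    """The pattern the issue warns about: a bare hash over secret || message.
    For Merkle-Damgard hashes (MD5, SHA-1, SHA-2) anyone who knows this digest
    and the secret's length can derive a valid digest for message + padding +
    extra without the secret, so it does not work as a MAC."""
    return hashlib.sha256(secret + message).hexdigest()


def canonical_string(method: str, path: str, headers: dict, body: bytes) -> bytes:
    """Build an unambiguous string-to-sign, in the spirit of the AWS example:
    every field the server acts on is included, fields are newline separated,
    headers are lower-cased and sorted, and the body enters as its digest."""
    lines = [method.upper(), path]
    for name in sorted(headers, key=str.lower):
        lines.append(f"{name.lower()}:{headers[name].strip()}")
    lines.append(hashlib.sha256(body).hexdigest())
    return "\n".join(lines).encode()


def sign_request(secret: bytes, method: str, path: str, headers: dict, body: bytes) -> str:
    """HMAC-SHA256 over the canonical string; HMAC is not length-extendable."""
    canonical = canonical_string(method, path, headers, body)
    return hmac.new(secret, canonical, hashlib.sha256).hexdigest()


def verify_request(secret: bytes, method: str, path: str, headers: dict,
                   body: bytes, presented: str) -> bool:
    """Server side: recompute the signature and compare in constant time."""
    expected = sign_request(secret, method, path, headers, body)
    return hmac.compare_digest(expected, presented)


if __name__ == "__main__":
    hdrs = {"Host": "chat.example", "X-Date": "20140101T000000Z"}
    sig = sign_request(SECRET, "POST", "/rooms/1/messages", hdrs, b"hello")
    assert verify_request(SECRET, "POST", "/rooms/1/messages", hdrs, b"hello", sig)
    # Any change to a signed field (here the body) invalidates the signature.
    assert not verify_request(SECRET, "POST", "/rooms/1/messages", hdrs, b"hello!", sig)
    print("ok")
```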