Note SHA-256 length extension attack, HMAC, replay attacks

ossf / secure-sw-dev-fundamentals

Secure Software Development Fundamentals courses (from the OpenSSF Best Practices WG)

Creative Commons Attribution 4.0 International

175 stars 47 forks source link

Note SHA-256 length extension attack, HMAC, replay attacks #128

Open david-a-wheeler opened 1 year ago

david-a-wheeler commented 1 year ago

For more:

https://kerkour.com/sha256-length-extension-attacks
https://news.ycombinator.com/item?id=36058754

nmav commented 1 month ago

Mentioning that a hash should not be used as a MAC with the length extension attack example aligns with the message of not creating own cryptography when it exists. For message authentication codes, HMAC is good for a historical context, and mentioning the modern MACs such as KMAC - SHA3-based (NIST.SP.800-185), and universal hashes such as poly1305 would make sense.