Closed magodo closed 4 months ago
Hey @magodo good catch, thank you very much!
I'm not sure I will merge this PR (for copyright reasons, I want to maintain full ownership of the code in my repos...), so I will keep it open while I decide, but will fix the blog post nonetheless.
Feel free to close my PR and apply the changes to the blog & code accordingly :)
Thank you :)
I've been reading about the sha256 length extension attack in a book, and was going to try this out in Go yesterday. Then I found your article https://kerkour.com/sha256-length-extension-attacks, which is really helpful, and indeed the way I was doing it, thank you for writing this!
While reading your blog, I've noticed that the padding calculation (and the loading for the d.len) doesn't exactly match the RFC's equation. E.g. given: Your demo code will panic.
Instead of rebuilding the wheel, we can reuse the padding logic already implemented in sha256.go (as is done in this PR). With this, the above input can still work as expected.
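The padding rule discussed in this thread, written out as an added example (not the PR's code, the blog's code, or the standard library's): the names `sha256Padding` and `checkPadding` are hypothetical, and the tested lengths are constructed, since the input that triggers the panic is not shown on this page. It follows the SHA-256 padding definition in RFC 6234, section 4.1, and exercises lengths on both sides of the 56-byte block boundary.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

// sha256Padding returns the bytes SHA-256 appends to a message of msgLen bytes:
// one 0x80 byte, then zero bytes, then the message length in bits as a 64-bit
// big-endian integer, so that message plus padding is a multiple of 64 bytes.
func sha256Padding(msgLen uint64) []byte {
	rem := msgLen % 64
	// Zero bytes so that msgLen+1+zeros is 56 mod 64. Adding 64 before the
	// modulo keeps this non-negative when rem >= 56; a plain 55-rem would
	// underflow there and lead to a bad slice length.
	zeros := (64 + 55 - rem) % 64
	pad := make([]byte, 1+zeros+8)
	pad[0] = 0x80
	binary.BigEndian.PutUint64(pad[1+zeros:], msgLen*8)
	return pad
}

// checkPadding verifies the structural properties of the padding for msgLen.
func checkPadding(msgLen uint64) error {
	pad := sha256Padding(msgLen)
	if pad[0] != 0x80 {
		return fmt.Errorf("len %d: first pad byte is %#x", msgLen, pad[0])
	}
	for _, b := range pad[1 : len(pad)-8] {
		if b != 0 {
			return fmt.Errorf("len %d: non-zero filler byte", msgLen)
		}
	}
	if (msgLen+uint64(len(pad)))%64 != 0 {
		return fmt.Errorf("len %d: padded size not a multiple of 64", msgLen)
	}
	if got := binary.BigEndian.Uint64(pad[len(pad)-8:]); got != msgLen*8 {
		return fmt.Errorf("len %d: encoded bit length %d", msgLen, got)
	}
	return nil
}

func main() {
	// Constructed lengths around the boundary where a second block is needed.
	for _, n := range []uint64{0, 55, 56, 63, 64, 119, 120} {
		if err := checkPadding(n); err != nil {
			panic(err)
		}
		fmt.Printf("msgLen=%3d padLen=%2d\n", n, len(sha256Padding(n)))
	}
}
```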