tonybaloney / pycharm-security

Finds security holes in your Python projects from PyCharm and GitHub
https://pycharm-security.readthedocs.io/en/latest/?badge=latest
MIT License

Question on HL101 #144

Open CloudySnake opened 4 years ago

CloudySnake commented 4 years ago

Not a bug or feature, but a general question as I've been unable to find an answer online. I have a process that obfuscates some internal data (so the resulting data is clean of PII for analytics type purposes) using SHA256, and I'm throwing the following warning.

HL101: MD5, SHA-1, RIPEMD-160, Whirlpool, and the SHA-256 / SHA-512 hash algorithms are all vulnerable to length-extension attacks and should not be used for obfuscating or protecting data. Use within a HMAC is not vulnerable.

Am I correct that the reason I'm getting this warning is not that my data could be 'unhashed' and the contents read, but it would theoretically be possible for someone to add to the data using a length extension attack and I wouldn't know because the hash is valid?

tonybaloney commented 3 years ago

This is a good technical explanation of the attack: https://blog.skullsecurity.org/2012/everything-you-need-to-know-about-hash-length-extension-attacks

Your assertion is correct. SHA-256 is still a one-way hashing algorithm. This attack relates to doing:

{ hash(original message) | hash(attacker message) } = {attack payload}

You need to be careful if you're using a deserialiser that might be vulnerable.
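Added example, not part of the thread or the plugin's own code: the unkeyed SHA-256 call described in the question next to the HMAC form that the HL101 text names as not vulnerable, applied to obfuscating PII fields for analytics. The record layout, field names and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample records; field names are assumptions for illustration.
RECORDS = [
    {"email": "alice@example.com", "plan": "pro"},
    {"email": "bob@example.com", "plan": "free"},
    {"email": "alice@example.com", "plan": "team"},
]
PII_FIELDS = ("email",)


def plain_digest(value: str) -> str:
    """Unkeyed SHA-256, the style of call the question describes."""
    return hashlib.sha256(value.encode("utf-8")).hexdigest()


def keyed_token(value: str, key: bytes) -> str:
    """HMAC-SHA256 token: the construction HL101 names as not vulnerable."""
    return hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()


def pseudonymise(records, key: bytes, fields=PII_FIELDS):
    """Return copies of the records with PII fields replaced by keyed tokens."""
    out = []
    for rec in records:
        clean = dict(rec)  # copy so the caller's records are left untouched
        for field in fields:
            if field in clean:
                clean[field] = keyed_token(str(clean[field]), key)
        out.append(clean)
    return out


def matches(value: str, token: str, key: bytes) -> bool:
    """Check a value against a stored token using a constant-time comparison."""
    return hmac.compare_digest(keyed_token(value, key), token)


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # in practice, load from a secret store
    for row in pseudonymise(RECORDS, key):
        print(row)
```

The same input always maps to the same token under one key, so joins and counts in the analytics data still work, while the token depends on a secret that is not stored with the data.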