sha256_length_extension_attacks

skerkour · May 23, 2023 · 9b6be54 · 9b6be54
1 parent e1c4957
commit 9b6be54
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 6 deletions.
diff --git a/blog/2023/sha256_length_extension_attacks/README.md b/blog/2023/sha256_length_extension_attacks/README.md
@@ -7,8 +7,8 @@
 $ go run ./ -verbose
 SecretKey: 459b26fb72fbc187e424d0b73c64eff2a170576e929f0255dc719f7f51d9d6c6
 Original Data: user_id=1&role=user
-Original Signature: 6c67e88ac5a246ce0f19da4eb279c56b3d9ba3e51879e33541e42b27dea7fe53
-Verify(SecretKey, OriginalData): true
+Original Signature SHA256(SecretKey || OriginalData): 6c67e88ac5a246ce0f19da4eb279c56b3d9ba3e51879e33541e42b27dea7fe53
+Verify OriginalSignature == SHA256(SecretKey || OriginalData): true
 
 ---------------------------------------------------------------------------------------------------
 
@@ -29,5 +29,5 @@ Malicious Message (OriginalData || padding || MaliciousData):
 00000030  72 6f 6c 65 3d 61 64 6d  69 6e                    |role=admin|
 
 Malicious Signature: cedf9f0ee04d26731c6641390a761ab21786345be1f4c04072e3b501e475d195
-Verify(SecretKey, maliciousMessage): true
+Verify MaliciousSignature == SHA256(SecretKey, MaliciousMessage): true
 ```
diff --git a/blog/2023/sha256_length_extension_attacks/main.go b/blog/2023/sha256_length_extension_attacks/main.go
@@ -25,8 +25,8 @@ func main() {
 
 	fmt.Printf("SecretKey: %s\n", hex.EncodeToString(secretKey))
 	fmt.Printf("Original Data: %s\n", string(originalData))
-	fmt.Printf("Original Signature: %s\n", hex.EncodeToString(originalSignature))
-	fmt.Printf("Verify(SecretKey, OriginalData): %v\n", verifySignature(secretKey, originalSignature, originalData))
+	fmt.Printf("Original Signature SHA256(SecretKey || OriginalData): %s\n", hex.EncodeToString(originalSignature))
+	fmt.Printf("Verify OriginalSignature == SHA256(SecretKey || OriginalData): %v\n", verifySignature(secretKey, originalSignature, originalData))
 
 	fmt.Println("\n---------------------------------------------------------------------------------------------------\n")
 
@@ -40,7 +40,7 @@ func main() {
 		fmt.Println(hex.Dump(maliciousMessage))
 	}
 	fmt.Printf("Malicious Signature: %s\n", hex.EncodeToString(maliciousSignature))
-	fmt.Printf("Verify(SecretKey, maliciousMessage): %v\n", verifySignature(secretKey, maliciousSignature, maliciousMessage))
+	fmt.Printf("Verify MaliciousSignature == SHA256(SecretKey, MaliciousMessage): %v\n", verifySignature(secretKey, maliciousSignature, maliciousMessage))
 }
 
 func forgeSignature(secretKeyLength uint64, originalDataLength uint64, originalSignature []byte, maliciousData []byte) (forgedSignature []byte) {