From 9b6be5494b4c827aeca42c32e0174e230d0acb19 Mon Sep 17 00:00:00 2001 From: Sylvain Date: Tue, 23 May 2023 17:04:15 +0000 Subject: [PATCH] sha256_length_extension_attacks --- blog/2023/sha256_length_extension_attacks/README.md | 6 +++--- blog/2023/sha256_length_extension_attacks/main.go | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/blog/2023/sha256_length_extension_attacks/README.md b/blog/2023/sha256_length_extension_attacks/README.md index 0224c57..ea3d269 100644 --- a/blog/2023/sha256_length_extension_attacks/README.md +++ b/blog/2023/sha256_length_extension_attacks/README.md @@ -7,8 +7,8 @@ $ go run ./ -verbose SecretKey: 459b26fb72fbc187e424d0b73c64eff2a170576e929f0255dc719f7f51d9d6c6 Original Data: user_id=1&role=user -Original Signature: 6c67e88ac5a246ce0f19da4eb279c56b3d9ba3e51879e33541e42b27dea7fe53 -Verify(SecretKey, OriginalData): true +Original Signature SHA256(SecretKey || OriginalData): 6c67e88ac5a246ce0f19da4eb279c56b3d9ba3e51879e33541e42b27dea7fe53 +Verify OriginalSignature == SHA256(SecretKey || OriginalData): true --------------------------------------------------------------------------------------------------- @@ -29,5 +29,5 @@ Malicious Message (OriginalData || padding || MaliciousData): 00000030 72 6f 6c 65 3d 61 64 6d 69 6e |role=admin| Malicious Signature: cedf9f0ee04d26731c6641390a761ab21786345be1f4c04072e3b501e475d195 -Verify(SecretKey, maliciousMessage): true +Verify MaliciousSignature == SHA256(SecretKey, MaliciousMessage): true ``` diff --git a/blog/2023/sha256_length_extension_attacks/main.go b/blog/2023/sha256_length_extension_attacks/main.go index ba53201..6180614 100644 --- a/blog/2023/sha256_length_extension_attacks/main.go +++ b/blog/2023/sha256_length_extension_attacks/main.go @@ -25,8 +25,8 @@ func main() { fmt.Printf("SecretKey: %s\n", hex.EncodeToString(secretKey)) fmt.Printf("Original Data: %s\n", string(originalData)) - fmt.Printf("Original Signature: %s\n", hex.EncodeToString(originalSignature)) - fmt.Printf("Verify(SecretKey, OriginalData): %v\n", verifySignature(secretKey, originalSignature, originalData)) + fmt.Printf("Original Signature SHA256(SecretKey || OriginalData): %s\n", hex.EncodeToString(originalSignature)) + fmt.Printf("Verify OriginalSignature == SHA256(SecretKey || OriginalData): %v\n", verifySignature(secretKey, originalSignature, originalData)) fmt.Println("\n---------------------------------------------------------------------------------------------------\n") @@ -40,7 +40,7 @@ func main() { fmt.Println(hex.Dump(maliciousMessage)) } fmt.Printf("Malicious Signature: %s\n", hex.EncodeToString(maliciousSignature)) - fmt.Printf("Verify(SecretKey, maliciousMessage): %v\n", verifySignature(secretKey, maliciousSignature, maliciousMessage)) + fmt.Printf("Verify MaliciousSignature == SHA256(SecretKey, MaliciousMessage): %v\n", verifySignature(secretKey, maliciousSignature, maliciousMessage)) } func forgeSignature(secretKeyLength uint64, originalDataLength uint64, originalSignature []byte, maliciousData []byte) (forgedSignature []byte) {