MDFlag

This is a challenge about length extension attack on hashes like MD5 and SHA1 that uses the Merkle-Damgard construction. More on that can be found in this link, and a good Youtube video about this topic, if you can understand Vietnamese, is this series by CyberJutsu. The following is written under the assumption that you have some experience with the attack. In MD5 hash extension attack, it is often the case that we are allowed to extend the secret with some arbitrary data that we decide....

January 13, 2023 · 9 min · qvinhprolol

MD0

The code is vulnerable to hash length extension attack. The hash for a message with a new block appended can be computed from the hash of the old message, and xor with the result of encrypting the old hash with the key as the new block. Denote $H$ as the old hash, $H’$ as the new hash, the newly appended block as $B$, and encryption as $E$, we have the relation:...

January 11, 2023 · 2 min · qvinhprolol