mirror of
https://github.com/EdOverflow/bugbounty-cheatsheet.git
synced 2024-11-25 12:30:19 +00:00
Update crypto.md
formatting fixes.
parent
168b1edca4
commit
11bb7e32b3
1 changed files with 3 additions and 3 deletions
|
@ -50,9 +50,9 @@
|
|||
|
||||
**Length extension attack**
|
||||
|
||||
In cryptography and computer security, a length extension attack is a type of attack where an attacker can use `Hash(message1)` and the length of message1 to calculate `Hash(message1 ∥ message2)` for an attacker-controlled message2.
|
||||
In cryptography and computer security, a length extension attack is a type of attack where an attacker can use `Hash(message1)` and the length of `message1` to calculate `Hash(message1 ∥ message2)` for an attacker-controlled `message2`.
|
||||
|
||||
TL;DR: given a hash that is composed of a string with an unknown prefix, an attacker can append to the string and produce a new hash that still has the unknown prefix.
|
||||
In Summary: Given a hash that is composed of a string with an unknown prefix, an attacker can append to the string and produce a new hash that still has the unknown prefix.
|
||||
|
||||
An example:
|
||||
|
||||
|
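Review bot: The replacement summary line, "In Summary: Given a hash that is composed of…", capitalises "Summary" mid-phrase and keeps the imprecise wording "a hash that is composed of a string with an unknown prefix"; suggest "In summary: given the hash of a string that starts with an unknown prefix, an attacker can append to the string and produce a valid hash for the extended string without learning the prefix." While the definition line is being touched, it would also help to state which constructions are affected (a MAC computed as `Hash(secret ∥ message)` with a Merkle-Damgård hash such as MD5, SHA-1 or SHA-256) and that HMAC is the standard fix, since the paragraph names neither.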
@ -67,7 +67,7 @@ http://example.com/download?file=report.pdf%80%00%00%00%00%00%00%00%00%00%00%00%
|
|||
|
||||
%00%00%A8/../../../../../../../etc/passwd&mac=ee40aa8ec0cfafb7e2ec4de20943b673968857a5
|
||||
```
|
||||
A related H1 report: https://hackerone.com/reports/251572
|
||||
A related HackerOne report: https://hackerone.com/reports/251572
|
||||
|
||||
Tool to extend a hash: https://github.com/iagox86/hash_extender
|
||||
|
||||
|
|
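Review bot: The two reference lines after the closing fence ("A related HackerOne report: …" and "Tool to extend a hash: …") are still bare URLs; since this commit is about formatting, consider turning both into Markdown links with descriptive text so they render consistently. The example above them also ends at the fence without explaining that the `%80`, the run of `%00` and the `%A8` in the `file` parameter are the hash function's own padding and length bytes, or how a defender should respond (verify the `mac` with HMAC instead of a hash over secret plus data); one sentence on each would let the entry stand on its own.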