

Exploiting SHA-1-signed messages - zaptheimpaler
http://journal.batard.info/post/2011/03/04/exploiting-sha-1-signed-messages

======
zaptheimpaler
Here's another post that discusses the same technique - extension attacks on
SHA-1-signed messages. <https://blog.whitehatsec.com/hash-length-extension-attacks/>

The idea is that if a message is being signed using SHA-1 to prevent tampering
from the user side, given an existing message/SHA-1 hash combo and the length
of the secret key (which you can guess after a few trials), it's possible to
craft arbitrary messages and sign them without obtaining the secret key.

This came up while I was doing the Stripe CTF 2.0, and I thought it was an
interesting read.

