Length Extension Attacks Anti-Pattern

Severity: High

Summary

Hash length extension attacks exploit Merkle-Damgård construction vulnerabilities in MD5, SHA-1, and SHA-256. Attackers knowing hash(secret + message) and secret length can compute hash(secret + message + padding + attacker_data) without knowing the secret. This enables appending data to signed messages with valid signatures, completely breaking message integrity and authentication.

The Anti-Pattern

Never use vulnerable hash functions (MD5, SHA-1, SHA-256) in hash(secret + message) construction for MACs. Use HMAC instead.

BAD Code Example

# VULNERABLE: Using hash(secret + message) for message signature
import hashlib

SECRET_KEY = b"my_super_secret_key_16b" # 16 bytes