You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
One more issue. Hash functions like MD5 rely on applying their state iteratively. You can add something to an existing hash by taking the hash and just running the digest with it and the new content.
So this does not protect against someone adding things to an archive. This is known as a length extension attack in cryptography:
The fix for #6 took about 8 hours. To add a secure hash algorithm, such as described here, we would either need to redo much of the testing work around that, or add some new tests. Consider adding this feature via a --secure flag. As this utility is a proof of concept, it's probably a good idea to allow both methods and for folks to see it working purely, and with the counter-length-extension attacks mitigated as well.
Matt left some important info on the OPF blog:
This looks like something that can be added easily.
The text was updated successfully, but these errors were encountered: