Skip to content


Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?


Failed to load latest commit information.
Latest commit message
Commit time
Jan 26, 2023
Jan 26, 2023


Pure Python Hash Length Extension module.

Currently supports SHA1, SHA256 and SHA512, more algorithms will be added in the future.

Create a hash by calling one of the named constuctor functions: sha1(), sha256(), and sha512(), or by calling new(algorithm).

The hash objects have the following methods:


    Feeds data into the hash function using the normal interface.

extend(appendData, knownData, secretLength, startHash):

    Performs a hash length extension attack.  Returns the bytestring to
    use when appending data.


    Returns a hexlified version of the hash output.

Assume you have a hash generated from an unknown secret value concatenated with a known value, and you want to be able to produce a valid hash after appending additional data to the known value.

If the hash algorithm used is one of the vulnerable functions implemented in this module, is is possible to achieve this without knowing the secret value as long as you know (or can guess, perhaps by brute force) the length of that secret value. This is called a hash length extension attack.

Given an existing sha1 hash value '52e98441017043eee154a6d1af98c5e0efab055c', known data of 'hello', an unknown secret of length 10 and data you wish to append of 'file', you would do the following to perform the attack:

>>> import hlextend
>>> sha ='sha1')
>>> print(sha.extend(b'file', b'hello', 10, '52e98441017043eee154a6d1af98c5e0efab055c'))
>>> print(sha.hexdigest())

The unknown secret (of length 10), that when hashed appended with 'hello' produces a SHA1 hash of '52e98441017043eee154a6d1af98c5e0efab055c', will then produce a SHA1 hash of 'c60fa7de0860d4048a3bfb36b70299a95e6587c9' when appended with the output from the extend function above.

If you are not sure of the exact length of the secret value, simply try the above multiple times specifying different values for the length to brute force.