Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
stephenbradshaw
committed
Aug 23, 2014
0 parents
commit 6368074
Showing
3 changed files
with
624 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,58 @@ | ||
hlextend | ||
======== | ||
|
||
Pure Python Hash Length Extension module. | ||
|
||
Currently supports SHA1, SHA256 and SHA512, more algorithms will | ||
be added in the future. | ||
|
||
|
||
Create a hash by calling one of the named constuctor functions: | ||
sha1(), sha256(), and sha512(), or by calling new(algorithm). | ||
|
||
The hash objects have the following methods: | ||
|
||
hash(message): | ||
|
||
Feeds data into the hash function using the normal interface. | ||
|
||
extend(appendData, knownData, secretLength, startHash, raw=False): | ||
|
||
Performs a hash length extension attack. Returns the string to | ||
use when appending data. | ||
|
||
hexdigest(): | ||
|
||
Returns a hexlified version of the hash output. | ||
|
||
|
||
Assume you have a hash generated from an unknown secret value concatenated with | ||
a known value, and you want to be able to produce a valid hash after appending | ||
additional data to the known value. | ||
|
||
If the hash algorithm used is one of the vulnerable functions implemented in | ||
this module, is is possible to achieve this without knowing the secret value | ||
as long as you know (or can guess, perhaps by brute force) the length of that | ||
secret value. This is called a hash length extension attack. | ||
|
||
|
||
Given an existing sha1 hash value '52e98441017043eee154a6d1af98c5e0efab055c', | ||
known data of 'hello', an unknown secret of length 10 and data you wish | ||
to append of 'file', you would do the following to perform the attack: | ||
|
||
>>> import hlextend | ||
>>> sha = hlextend.new('sha1') | ||
>>> print sha.extend('file', 'hello', 10, '52e98441017043eee154a6d1af98c5e0efab055c') | ||
'hello\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 | ||
\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 | ||
\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00xfile' | ||
>>> print sha.hexdigest() | ||
c60fa7de0860d4048a3bfb36b70299a95e6587c9 | ||
|
||
The unknown secret (of length 10), that when hashed appended with 'hello' produces | ||
a SHA1 hash of '52e98441017043eee154a6d1af98c5e0efab055c', will then produce | ||
a SHA1 hash of 'c60fa7de0860d4048a3bfb36b70299a95e6587c9' when appended with the output | ||
from the extend function above. | ||
|
||
If you are not sure of the exact length of the secret value, simply try the above | ||
multiple times specifying different values for the length to brute force. |
Oops, something went wrong.