Exceptions are your Friends

Posted on February 9th, 2010

Robust code cries often and loudly as soon as something is not right. It does not cower away in corners of obscurity hoping that no one will notice, until one day, shit hits the fan.

Any serious Python code contains proper use of exceptions, errors, and asserts. In fact, I would argue that their presence defines the difference between one-off throwaway scripts and robust library code.

Imagine a Python interpreter without these facilities. What would the scenario look like?




Don’t Hash Your Secrets, Here’s why in Python

Posted on February 1st, 2010

Ben Adida suggests that you don’t hash your secrets.

That means that if you know SHA1(secret || message), then you can compute SHA1(secret || message || ANYTHING), which is a valid signature for message || ANYTHING. So to break this system, you just need to see one signature.

Not being a cryptography expert, I was blown away by his article. At the core of his post is the idea that given a hash digest of a message, one could compute the hash of message + appended_message without even knowing the original message.

I had to see this for myself. Was it really that easy to extend an MD5 or SHA1 hash?
Below, you’ll find working Python code and an explanation for spoofing signatures produced with the MD5 algorithm.
