Does length-prepending stop length-extension attacks on Merkle-Damgård hash functions, assuming that the length is checked?
Asked
Active
Viewed 256 times
1 Answers
6
Yes, if the length is formatted in a constant-size value (e.g. 64-bit field) or in an otherwise uniquely decodable manner.
With such a length field, no hash input can be the the prefix of another valid input. Thus there is no length-extension attack.
(Assumptions include that you reveal no intermediate values, of course.)
otus
- 32,132
- 5
- 70
- 165