Will length-extension work if secret is not prefixed but appended to the data?

Asked Jan 04 '13 at 14:47

Active Jan 04 '13 at 14:47

Viewed 55 times

Possible Duplicate:
Why is h(m||k) insecure?

Length-extension allows to append any data to the message while not knowing the secret. Any length-extension explaination one the web considers the situation when the secret is prefixed to the data, but is this attack applicable to the situations when the secret is appended to the data?

edited Apr 13 '17 at 12:48

Community

asked Jan 04 '13 at 14:47

Thomas

1

No it isn't. But compared to, e.g., HMAC, it suffers from other flaws. See: Why is h(m||k) insecure? – Dennis Jan 04 '13 at 15:04
I closed the message as a duplicate of the message mentioned by Dennis. If you think your question is actually not a duplicate, please make edit it to make the difference clear and comment here, so we can reopen it. – Paŭlo Ebermann Jan 04 '13 at 19:18

Will length-extension work if secret is not prefixed but appended to the data?

0 Answers0