Skip to content
logo
Red wilds
Hash length extension attack
  • Privacy greenhouse
  • Defence blues
  • Purple crossroads
  • Indigo observatory
  • Contact
Initializing search
    • Unseen University Power & Light Co.
    • The Scarlet Semaphore
    • Myrddin’s menagerie
    • In: Where the falcons and foxes roam
    • Through: Where the raccoons burrow and rummage
      • The art of staying where you are not wanted
      • Overflowing the bin on purpose
      • Reverse engineering
      • Steganography
      • Crypto-attacks
        • Field notes from the bin-raider’s handbook
        • Crypto-attack runbooks
        • Picking the locks of logic
          • Secret recipes for digital mischief
          • AES: Faults, flips, and forgery
          • Hash function vulnerabilities
            • DCC Hash
            • DCC2 Hash
            • LM Hash
            • Message Digest 5
            • NT Hash
            • SHA-2 Hash
            • CISCO Salted Password
            • Hash length extension attack
              • Resources
            • SHA-3 Hash
          • The curiosity cabinet
      • Slipping through the cracks
    • Out: Where squirrels swipe the crown jewels
    • Resources

    Hash length extension attack¶

    RootMe challenge: Service - Hash length extension attack: H(key ∥ message)

    You can use Stephen Bradshaw’s hlextend module.

    Resources¶

    • Everything-you-need-to-know-about-hash-length-extension-attacks (blog.skullsecurity.org)

    2026-03-25 22:33
    © Copyright 2025, TyMyrddin.
    Created using Sphinx 7.2.6. and Sphinx-Immaterial

    Made with love in the Unseen University, 2025, with a forest garden fostered by /ut7