Re: [FD] Go Home WP-API, You're Drunk...

2014-10-30 Thread Scott Arciszewski
Yes, you're absolutely right. When I said it's "almost the ideal situation" I probably should have clarified what I meant. I meant to say that in both WP-API's code and in textbook examples of hash constructs specifically vulnerable to length extension attacks involve concatenating the data you ar

Re: [FD] Go Home WP-API, You're Drunk...

2014-10-30 Thread Nahuel Grisolía
Hi! I believe that what you're saying in number 2 is not completely true. I agree that an hmac is safer. Correct me if I'm wrong but $secret should be at the beginning of the string in order to run a length extension attack. Cheers, Nahu.- On Tuesday, 28 October 2014, Scott Arciszewski wrote:

[FD] Go Home WP-API, You're Drunk...

2014-10-28 Thread Scott Arciszewski
... or more accurately, asleep at the wheel! ___ _/ STORY TIME (feel free to skip this if you don't care) \__ |