- From: Andrew <andrew@nelless.net>
- Date: Mon, 27 Jan 2014 16:50:26 +0000
- To: public-webappsec@w3.org
Forgive me if I'm mistaken, but the current hashing solution detailed in the Subresource Integrity specification seems to be silent on the the possibility of length extension with Merkle–Damgård type hash functions like the SHA family. http://en.wikipedia.org/wiki/Length_extension_attack One solution would to be use a HMAC construction where the 'key' material is composed from resource meta data, including the verified Content-Length, or to mandate a hash function immune to such attacks, such as SHA-3. Regards, Andrew Casual Enthusiast
Received on Monday, 27 January 2014 22:12:00 UTC