W3C home > Mailing lists > Public > public-webappsec@w3.org > January 2014

Subresource Integrity Length Extension?

From: Andrew <andrew@nelless.net>
Date: Mon, 27 Jan 2014 16:50:26 +0000
Message-ID: <CABoWKxiM=4ZQ59d1bn=9F3THpzA=7ymzLLPeivw2QMfAG+2Hnw@mail.gmail.com>
To: public-webappsec@w3.org
Forgive me if I'm mistaken, but the current hashing solution detailed
in the Subresource Integrity specification seems to be silent on the
the possibility of length extension with Merkle–Damgård type hash
functions like the SHA family.

http://en.wikipedia.org/wiki/Length_extension_attack

One solution would to be use a HMAC construction where the 'key'
material is composed from resource meta data, including the verified
Content-Length, or to mandate a hash function immune to such attacks,
such as SHA-3.

Regards,

Andrew
Casual Enthusiast
Received on Monday, 27 January 2014 22:12:00 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:04 UTC