by jaekwon
4562 days ago
> the biggest problem is that the SHA1 digest of a message is not an authenticator of that message, because an attacker can generate the same digest given only the contents of the message.

Curious, if the secret token comes after the message & there are proper delimiters to separate the message from the secret, where is the vulnerability?

Take a look at this link: https://blog.jcoglan.com/2012/06/09/why-you-should-never-use...

Am I correct to think that the example cited is bad? It appears that it would be a strong MAC because of the reasons that I cited.
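The quoted point about a bare SHA1 digest, set beside the secret-suffix construction from the comment and HMAC, as an added example that is not code from the thread or the linked post. The key, the messages, the function names and the 8-byte length prefix used as the delimiter are all assumptions made for the illustration.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed sample secret, known only to the verifier


def bare_digest(msg: bytes) -> bytes:
    # No secret involved: anyone who holds msg can compute this value.
    return hashlib.sha1(msg).digest()


def secret_suffix(msg: bytes, key: bytes) -> bytes:
    # Secret appended after the message. The length prefix is the assumed
    # delimiter, so the message/secret boundary is unambiguous.
    framed = len(msg).to_bytes(8, "big") + msg + key
    return hashlib.sha1(framed).digest()


def hmac_sha1(msg: bytes, key: bytes) -> bytes:
    # Standard keyed construction (RFC 2104) from the standard library.
    return hmac.new(key, msg, hashlib.sha1).digest()


def keyless_tag(msg: bytes) -> bytes:
    # What a party without KEY can produce for a message it has altered.
    return hashlib.sha1(msg).digest()


def verify(expected: bytes, presented: bytes) -> bool:
    # Constant-time comparison avoids leaking how many tag bytes matched.
    return hmac.compare_digest(expected, presented)


def tamper_results() -> dict:
    # Constructed altered message; its tag is computed without the key.
    tampered = b"amount=9000&to=someone-else"
    presented = keyless_tag(tampered)
    return {
        "bare_digest": verify(bare_digest(tampered), presented),
        "secret_suffix": verify(secret_suffix(tampered, KEY), presented),
        "hmac_sha1": verify(hmac_sha1(tampered, KEY), presented),
    }


if __name__ == "__main__":
    for scheme, accepted in tamper_results().items():
        print(f"{scheme}: altered message accepted = {accepted}")
```

This exercises only the keyless recomputation that the quoted sentence describes. It does not compare the secret-suffix construction with HMAC against an attacker who can find collisions in the hash.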