# 📝Length extension attack

tags
§ Cryptography

Length extension attack is an attack on some hashing function. It allows attacker to calculate $Hash(message_1 || message_2)$ if $Hash(message_1)$ and size of $message_1$ is known (without knowing the message itself).

Algorithms like MD5, SHA-1, SHA-2 are susceptible to this attack.

This is an issue when hash functions are used to authenticate messages as $Hash(key || message)$.

Since HMAC does not use this construct, it is not prone to Length extension attack.