- § Cryptography
Length extension attack is an attack on some hashing function. It allows attacker to calculate if and size of is known (without knowing the message itself).
Algorithms like MD5, SHA-1, SHA-2 are susceptible to this attack.
This is an issue when hash functions are used to authenticate messages as .
Since HMAC does not use this construct, it is not prone to Length extension attack.