HL101

MD5, SHA-1, RIPEMD-160, Whirlpool and the SHA-256 / SHA-512 hash algorithms all vulnerable to length-extension attacks and should not be used for obfuscating or protecting data without HMAC.

Length extension attacks allow an attacker to construct the H(secret|message|append) given only H(secret|message) and the length of secret|message. The attack uses the output hash to reconstruct the internal state of the hash function. From there, it is trivial to feed the hash function the data to be appended and output the new hash.

Examples

The following examples would raise a warning:

import hashlib
hashlib.new('sha256')
import hashlib
hashlib.whirlpool()

Fix

Use another hashing algorithm, e.g. blake2