https://wiki.riguz.com/index.php?action=history&feed=atom&title=Security%3A%E5%93%88%E5%B8%8C%E9%95%BF%E5%BA%A6%E6%89%A9%E5%B1%95%E6%94%BB%E5%87%BB
Security:哈希长度扩展攻击 - 版本历史
2026-06-02T21:26:23Z
本wiki上该页面的版本历史
MediaWiki 1.42.3
https://wiki.riguz.com/index.php?title=Security:%E5%93%88%E5%B8%8C%E9%95%BF%E5%BA%A6%E6%89%A9%E5%B1%95%E6%94%BB%E5%87%BB&diff=1774&oldid=prev
imported>Soleverlee:Soleverlee移动页面哈希长度扩展攻击至Security:哈希长度扩展攻击,不留重定向
2016-12-20T01:19:15Z
<p>Soleverlee移动页面<a href="/index.php?title=%E5%93%88%E5%B8%8C%E9%95%BF%E5%BA%A6%E6%89%A9%E5%B1%95%E6%94%BB%E5%87%BB&action=edit&redlink=1" class="new" title="哈希长度扩展攻击(页面不存在)">哈希长度扩展攻击</a>至<a href="/Security:%E5%93%88%E5%B8%8C%E9%95%BF%E5%BA%A6%E6%89%A9%E5%B1%95%E6%94%BB%E5%87%BB" title="Security:哈希长度扩展攻击">Security:哈希长度扩展攻击</a>,不留重定向</p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<tr class="diff-title" lang="zh-Hans-CN">
<td colspan="1" style="background-color: #fff; color: #202122; text-align: center;">←上一版本</td>
<td colspan="1" style="background-color: #fff; color: #202122; text-align: center;">2016年12月20日 (二) 01:19的版本</td>
</tr><tr><td colspan="2" class="diff-notice" lang="zh-Hans-CN"><div class="mw-diff-empty">(没有差异)</div>
</td></tr></table>
imported>Soleverlee
https://wiki.riguz.com/index.php?title=Security:%E5%93%88%E5%B8%8C%E9%95%BF%E5%BA%A6%E6%89%A9%E5%B1%95%E6%94%BB%E5%87%BB&diff=1773&oldid=prev
2016年9月4日 (日) 02:35 imported>Soleverlee
2016-09-04T02:35:06Z
<p></p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="zh-Hans-CN">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">←上一版本</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">2016年9月4日 (日) 02:35的版本</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l45">第45行:</td>
<td colspan="2" class="diff-lineno">第45行:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>*https://github.com/soleverlee/hash_extender</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>*https://github.com/soleverlee/hash_extender</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>*http://www.freebuf.com/articles/web/69264.html</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>*http://www.freebuf.com/articles/web/69264.html</div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">*http://netifera.com/research/flickr_api_signature_forgery.pdf</ins></div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>[[Category:Programe]]</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>[[Category:Programe]]</div></td></tr>
</table>
imported>Soleverlee
https://wiki.riguz.com/index.php?title=Security:%E5%93%88%E5%B8%8C%E9%95%BF%E5%BA%A6%E6%89%A9%E5%B1%95%E6%94%BB%E5%87%BB&diff=1772&oldid=prev
imported>Soleverlee:以“典型的hash算法,hash = md5((secret + data)),在服务器会校验hash的值。在不知道secret的情况下,如果知道secret的长度,可以算出一...”为内容创建页面
2016-09-04T02:25:47Z
<p>以“典型的hash算法,hash = md5((secret + data)),在服务器会校验hash的值。在不知道secret的情况下,如果知道secret的长度,可以算出一...”为内容创建页面</p>
<p><b>新页面</b></p><div>典型的hash算法,hash = md5((secret + data)),在服务器会校验hash的值。在不知道secret的情况下,如果知道secret的长度,可以算出一个吻合的hash值。举例如下:<br />
*服务器的secret = "secret", 加密算法为md5((secret + data))<br />
*服务器算好后,把data和hash值一起给客户端<br />
*服务器接收到请求后,通过再次计算比对,如果匹配证明是合法的请求<br />
<br />
比如data = "data",正常情况下,可以算出一对值:<br />
<source lang="python"><br />
secret = "akSK06mn91c2MxARSrOBTqdmhVCMkkoZ"<br />
data = "riguz"<br />
token = secret + data = "akSK06mn91c2MxARSrOBTqdmhVCMkkoZriguz";<br />
md5 = md5(token) = "38a67feac3cf91cf3e68467ae803a21b"<br />
</source><br />
现在,利用[https://github.com/soleverlee/hash_extender hash_extender]可以计算出一对值:<br />
<pre><br />
./hash_extender --data riguz --secret 32 --append helloworld --signature 38a67feac3cf91cf3e68467ae803a21b --out-data-format html --table<br />
md4 dd0c44d807b1c3ca0365b1e656fd1d39 riguz%80%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%28%01%00%00%00%00%00%00helloworld<br />
md5 1800bc243a00db801833b6e48c1b74ef riguz%80%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%28%01%00%00%00%00%00%00helloworld<br />
</pre><br />
其中%80%00这种是URL编码后的字符串,即0x80,。假设服务端收到这个字符串,会进行匹配,我们用java代码模拟一下:<br />
<source lang="java"><br />
String test = "akSK06mn91c2MxARSrOBTqdmhVCMkkoZriguz%80%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%28%01%00%00%00%00%00%00helloworld";<br />
try {<br />
String t = URLDecoder.decode(test, "ISO-8859-1");<br />
String hex = Hex.hexViewer(t.getBytes("ISO-8859-1"));<br />
System.out.println(hex);<br />
String md5 = Hashs.encrypt("MD5", t.getBytes("ISO-8859-1"));<br />
System.out.println("MD5:" + md5);<br />
} catch (UnsupportedEncodingException e) {<br />
e.printStackTrace();<br />
}<br />
</source><br />
输出为:<br />
<pre><br />
Address / 0 1 2 3 4 5 6 7 8 9 a b c d e f Dump<br />
00000000| 61 6b 53 4b 30 36 6d 6e 39 31 63 32 4d 78 41 52 akSK06mn91c2MxAR<br />
00000010| 53 72 4f 42 54 71 64 6d 68 56 43 4d 6b 6b 6f 5a SrOBTqdmhVCMkkoZ<br />
00000020| 72 69 67 75 7a 80 00 00 00 00 00 00 00 00 00 00 riguz<br />
00000030| 00 00 00 00 00 00 00 00 28 01 00 00 00 00 00 00 <br />
00000040| 68 65 6c 6c 6f 77 6f 72 6c 64 _ _ _ _ _ _ helloworld<br />
<br />
MD5:1800bc243a00db801833b6e48c1b74ef<br />
</pre><br />
可以看出算出的md5值与hash_extender生成的md5值是匹配的,如果服务器做比对的话,就会认为这个值是合理的。<br />
Refer:<br />
*https://github.com/soleverlee/hash_extender<br />
*http://www.freebuf.com/articles/web/69264.html<br />
<br />
[[Category:Programe]]</div>
imported>Soleverlee