2023 Mar 24

• Figured out cryptopals challenge 29. Sha1 mac length extension attack. As long as you can guess the length of the original message (which is a simple loop), given a secret-prefix SHA1 mac, you can extend the message. I think you could block this attack however if you parsed for an ending suffix (i.e. only read/authenticate the message up to this suffix and make sure not to expose whether this was the issue to the attacker as that differentiation may lead to some shenanigans (as we’ve seen in many other attacks)).

• Possible learning side quests for getting better at rust

  • Revisit the book, rust by example, and rustlings

  • Learn haskell (I’ll just wait for class next semester…?)

  • Read ultralearning