Flickr's API Signature Forgery Vulnerability (vnhacker.blogspot.com) 19 points by thaidn 16y ago ↗ HN
[–] DrewHintz 16y ago ↗ Can we please stop using MD5? [–] juli 16y ago ↗ MD5 is not the problem here, SHA1 is also vulnerable to the extension attack. They should use HMAC.
[–] juli 16y ago ↗ MD5 is not the problem here, SHA1 is also vulnerable to the extension attack. They should use HMAC.
[–] nopal 16y ago ↗ Does anyone know what Flickr did to address this vulnerability?They didn't move to using HMAC.Are they just filtering 0x80 and 0x00?
3 comments
[ 171 ms ] story [ 1105 ms ] threadThey didn't move to using HMAC.
Are they just filtering 0x80 and 0x00?