3 comments

[ 171 ms ] story [ 1105 ms ] thread
Can we please stop using MD5?
MD5 is not the problem here, SHA1 is also vulnerable to the extension attack. They should use HMAC.
Does anyone know what Flickr did to address this vulnerability?

They didn't move to using HMAC.

Are they just filtering 0x80 and 0x00?