University
Hash Length Extension Attack Lab
Yones Azzab
CSIS 463_B01
, Hash Length Extension Attack Lab | 1
Introduction
During these tasks series I delved into areas of web security and cryptographic integrity
by engaging in exercises hands on. By configuring Docker and Ubuntu setups I gained insights,
on managing MAC ( Message Authentication Code ) computations, applying padding methods
and executing length extension assaults. These tasks tested my grasp of encryption techniques
and the significance of employing algorithms such, as HMAC to thwart weaknesses.
Firstly I set up the SEED lab environment on Windows with Docker and WSL by installing
required components and setting up the files needed for the setup to work properly. Once I got
the lab up and running smoothly I then started to communicate with the server by sending
requests and examining the responses it provided. Following that step I worked on activities
such, as accessing files, in the system computing MAC values doing padding calculations and
carrying out attacks using customized C programs. The initial assignments revolved around
grasping MAC and padding concepts.I created MAC codes by retrieving keys, from server
documents and applying them to transmit URL requests.Then I crafted padding by computing
message lengths and verifying that the overall size aligned with the specified block size.
The length extension attack played a role in my experiment as I added data to an existing
message and created a new MAC with a specialized C program I developed myself.Thus the
server was updated to use HMAC for MAC generation in order to prevent the length extension
attack, from being successful, in the future. Each of these tasks offered a view of how encryption
techniques safeguard online platforms and the significance of implementing them securely to
, Hash Length Extension Attack Lab | 2
fend off potential risks effectively.I acquired a grasp of encryption methods, in these activities
along, with padding techniques.
Method
There were four tasks in this lab to be completed. I described in detail how I go about
finishing each assignment.
In The Beginning:
I started by installing Docker Desktop using the following steps:
1. Download Docker for Windows from the official Docker website.
2. Follow the installation instructions and ensure Docker is running properly on the
machine.
Next, I installed WSL 2 (Windows Subsystem for Linux) by running the following command in
PowerShell (as Administrator):
wsl --install
After I rebooted the device. Then set up Ubuntu 20;04 through the Microsoft Store as my
WSL distribution. After configuring WSL and getting it up and running smoothly on my system
I connected Docker to it by activating Ubuntu 20. 04 Within the "WSL Integration" options, in
Docker Desktops settings. After going to the SEED Labs website and getting the required files
from Labsetup.zip to a directory, on my computer I opened Ubuntu (WSL). Then I moved to the
folder where I placed the extracted files by using this command;