You may also need the length of `secret`

[MagShadow]

in your text you say

Knowing only data, H, and signature, the attacker's goal is to append 'append' to data and generate a valid signature for the new data. And that's easy to do! Let's see how.

but actually, you need the length of secret to calculate the length of padding?

[iagox86]

Yes, unfortunately you do. I should mention that in the text.

…

On Thu, Oct 25, 2018 at 2:51 AM 勇者护手 ***@***.***> wrote: in your text you say Knowing only data, H, and signature, the attacker's goal is to append 'append' to data and generate a valid signature for the new data. And that's easy to do! Let's see how. but actually, you need the length of secret to calculate the length of padding? — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#10>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AAgITEyeoOQREnqwp7yhm0L_SqrdBQVsks5uoYmDgaJpZM4X551Z> .