SHA2's weakness explained by Dr Mike Pound -- Check out Brilliant's courses and start for free at https://brilliant.org/computerphile/ (episode sponsor) -- More links in full description below ↓↓↓

SHA2 is susceptible to a length extension attack, meaning supposedly secure messages can be added to and still pass certain security tests.

Computerphile is supported by Jane Street. Learn more about them (and exciting career opportunities) at: https://jane-st.co/computerphile

This video was filmed and edited by Sean Riley.

Computerphile is a sister project to Brady Haran's Numberphile. More at https://www.bradyharanblog.com

Computerphile is a YouTube channel and platform dedicated to computer science education, featuring videos on a wide range of topics, from algorithms and data structures to computer hardware and software engineering. Readers can learn about computer science concepts, programming languages, and the history of computing. With engaging videos, expert interviews, and educational content, Computerphile provides a resource for students, educators, and technology enthusiasts.

Computerphile

Hash length extension attacks exploit a vulnerability in SHA-2 and MD5 hash functions where attackers can append data to authenticated messages without knowing the secret key. The attack works because SHA-2 exposes its internal state in the final hash output, allowing attackers to resume hashing from that point. This vulnerability affects message authentication codes that simply append a key to the message before hashing. SHA-3 prevents this attack through its capacity mechanism that keeps part of the internal state hidden, while HMAC provides protection by hashing twice.

SHA2 Fatal Flaw? (Hash Length Extension Attack) - Computerphile