Month: December 2013

  • Hash Length Extension in HTMLPurifier

    HTMLPurifier is a PHP library that helps protect against XSS by filtering bad HTML and allowing only harmless markup. A new version of HTMLPurifier was recently released that fixes a hash length extension issue that I reported some time ago. Hash length extension is a crypto attack against algorithms based on the Merkle-Damgård construction…