In my previous post, I explained how we used SHA-256 to cryptographically sign HTTP requests between an Arduino called DoorDuino and a Ruby app known as Doorbot. However, that system was vulnerable to a hash length extension attack. To understand how extension attacks work, let's first discuss how SHA-256 hashes strings.
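As an added example (not code from the original post or from Doorbot), the Ruby sketch below puts a secret-prefix SHA-256 signature next to an HMAC-SHA256 one and computes the padding SHA-256 appends to its input. It assumes the vulnerable scheme hashed the shared secret followed by the request data, which is the construction length extension applies to; the secret, request string and method names are constructed for illustration.

```ruby
require 'digest'
require 'openssl'

# Constructed values for illustration; not Doorbot's real key or request format.
SECRET  = 'constructed-shared-secret'
REQUEST = 'door=front&action=unlock&ts=1700000000'

# Secret-prefix signature: SHA-256(secret || message). Assumed shape of the
# vulnerable scheme. The digest it returns is the hash's full internal state
# after the last padded block, which is why hashing can be resumed from it.
def naive_tag(secret, message)
  Digest::SHA256.hexdigest(secret + message)
end

# Padding SHA-256 appends to an input of total_len bytes: one 0x80 byte, zero
# bytes until the length is 56 mod 64, then the input length in bits as a
# 64-bit big-endian integer. The padded input is a whole number of 64-byte blocks.
def sha256_padding(total_len)
  zeros = (55 - total_len) % 64
  "\x80".b + ("\x00".b * zeros) + [total_len * 8].pack('Q>')
end

# HMAC-SHA256 hashes the key in an inner and an outer pass, so the tag is not
# a resumable state of a hash over secret || message.
def hmac_tag(secret, message)
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('SHA256'), secret, message)
end

# Comparison whose running time does not depend on where the first mismatch is.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Server-side check: recompute the HMAC over the received data and compare.
def valid_request?(secret, message, tag)
  secure_equal?(hmac_tag(secret, message), tag)
end
```
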