Guest list (prefix MAC) length extension attack #1

@lvh

Here's an example exercise text:


There's a guest list for a cool party that you really want to get in to. The party has a guest list on a website. You can access it as guest-list. The website shows the current guest list, and lets you upload a new one. The guest list is a newline-separated list of people.

The party organizers only want people who know the secret password to be able to update the list. Because one of them is very smart, they didn't want to just make you submit the password, where anyone could intercept it. Instead, you have to produce a signature like so:

signature = sha256(password + guest_list)

Add the e-mail address you used to register to the end of the list.
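
The construction from the exercise text next to an HMAC-based check of the same upload, as an added example that is not part of the original issue or the project's code. The function names, password and guest-list values are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample values; not from the original issue.
PASSWORD = b"correct horse battery staple"
GUEST_LIST = b"alice@example.com\nbob@example.com\n"


def prefix_mac(password: bytes, guest_list: bytes) -> str:
    """The exercise's construction: sha256(password + guest_list).

    SHA-256 is a Merkle-Damgard hash, so the digest is the hash's full
    internal state after the last block. That is the property the length
    extension attack named in the issue title relies on.
    """
    return hashlib.sha256(password + guest_list).hexdigest()


def hmac_tag(password: bytes, guest_list: bytes) -> str:
    """Hardened form: HMAC-SHA256 keyed with the password.

    HMAC hashes twice with the key mixed into both passes, so the tag is
    not a resumable state of a plain hash over key + message.
    """
    return hmac.new(password, guest_list, hashlib.sha256).hexdigest()


def verify_upload(password, guest_list, submitted_tag, mac=hmac_tag) -> bool:
    """Server-side check of an uploaded list, compared in constant time."""
    expected = mac(password, guest_list)
    return hmac.compare_digest(expected, submitted_tag)


def boundary_is_ambiguous(mac) -> bool:
    """True if moving a byte from the key into the message keeps the tag."""
    return mac(b"secret", b"alice\n") == mac(b"secre", b"talice\n")


if __name__ == "__main__":
    tag = hmac_tag(PASSWORD, GUEST_LIST)
    print("valid upload accepted:", verify_upload(PASSWORD, GUEST_LIST, tag))
    print("edited list accepted: ",
          verify_upload(PASSWORD, GUEST_LIST + b"eve@example.com\n", tag))
    print("prefix MAC boundary ambiguous:", boundary_is_ambiguous(prefix_mac))
    print("HMAC boundary ambiguous:      ", boundary_is_ambiguous(hmac_tag))
```

Plain concatenation also leaves the boundary between password and list undefined, which `boundary_is_ambiguous` shows for the prefix construction and not for HMAC.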

