[cryptography] workaround for length extension attacks (was: Doubts over necessity of SHA-3 cryptography standard)

2012-04-12 Thread Zooko Wilcox-O'Hearn
If you're using one of the pre-SHA-3-era secure hash functions which is vulnerable to length-extension attacks (e.g. SHA-256), then a good fix is the "HASH_d" technique suggested in Ferguson and Schneier's "Practical Cryptography" book (whose new edition is Ferguson, Schneier, and Kohno's "Crypto
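
To make the attack and the workaround concrete, here is an added example (my code, not Zooko's or anything from the book): a pure-Python SHA-256, needed because hashlib does not let you resume from a chaining value, used first to forge SHA-256(secret||msg||glue||suffix) from SHA-256(secret||msg) without the secret, and then to show the same forgery failing against HASH_d, i.e. SHA-256(SHA-256(x)). The IV and round constants are derived from their FIPS 180-4 definitions rather than copied; SECRET, MESSAGE and SUFFIX are constructed demo values, and naive_mac/hash_d_mac are my names for the two constructions.

```python
import hashlib
import math
import struct

MASK = 0xFFFFFFFF

def _icbrt(n):
    """Exact floor(cbrt(n)) for big ints: Newton steps down from an upper bound."""
    x = 1 << ((n.bit_length() + 2) // 3)
    while True:
        y = (2 * x + n // (x * x)) // 3
        if y >= x:
            return x
        x = y

# FIPS 180-4 defines the IV and round constants as the first 32 fractional bits
# of sqrt(p) / cbrt(p) over the first 8 / 64 primes; deriving them exactly
# avoids hand-copying a table.
_P = [p for p in range(2, 312) if all(p % q for q in range(2, p))]  # 64 primes
_IV = tuple(math.isqrt(p << 64) & MASK for p in _P[:8])
_K = tuple(_icbrt(p << 96) & MASK for p in _P)

def _rotr(x, n):
    return ((x >> n) | (x << (32 - n))) & MASK

def _compress(state, block):
    """One SHA-256 compression: absorb a 64-byte block into the 8-word state."""
    w = list(struct.unpack(">16I", block))
    for i in range(16, 64):
        s0 = _rotr(w[i - 15], 7) ^ _rotr(w[i - 15], 18) ^ (w[i - 15] >> 3)
        s1 = _rotr(w[i - 2], 17) ^ _rotr(w[i - 2], 19) ^ (w[i - 2] >> 10)
        w.append((w[i - 16] + s0 + w[i - 7] + s1) & MASK)
    a, b, c, d, e, f, g, h = state
    for i in range(64):
        t1 = (h + (_rotr(e, 6) ^ _rotr(e, 11) ^ _rotr(e, 25))
              + ((e & f) ^ (~e & g)) + _K[i] + w[i]) & MASK
        t2 = ((_rotr(a, 2) ^ _rotr(a, 13) ^ _rotr(a, 22))
              + ((a & b) ^ (a & c) ^ (b & c))) & MASK
        a, b, c, d, e, f, g, h = (t1 + t2) & MASK, a, b, c, (d + t1) & MASK, e, f, g
    return tuple((s + v) & MASK for s, v in zip(state, (a, b, c, d, e, f, g, h)))

def md_padding(total_len):
    """The Merkle-Damgard padding SHA-256 appends to a total_len-byte message."""
    return b"\x80" + b"\x00" * ((55 - total_len) % 64) + struct.pack(">Q", total_len * 8)

def sha256(data, state=_IV, absorbed=0):
    """SHA-256 of data. `state`/`absorbed` let the caller resume from a chaining
    value that has already absorbed `absorbed` bytes (a multiple of 64). That the
    final digest *is* the chaining value is the length-extension weakness."""
    assert absorbed % 64 == 0
    buf = data + md_padding(absorbed + len(data))
    for off in range(0, len(buf), 64):
        state = _compress(state, buf[off:off + 64])
    return struct.pack(">8I", *state)

def sha256d(data):
    """HASH_d as described in Practical Cryptography: re-hash the digest, so the
    value an attacker sees is not the chaining value of the hash over the message."""
    return sha256(sha256(data))

def length_extend(tag, known_len, suffix):
    """From tag = SHA-256(secret||msg) and len(secret||msg), forge the tag of
    secret||msg||glue||suffix without knowing the secret."""
    glue = md_padding(known_len)
    state = struct.unpack(">8I", tag)
    return glue + suffix, sha256(suffix, state, known_len + len(glue))

# Constructed demo values (hypothetical secret/message, not from the mail).
SECRET = b"s3cret-demo-key!"
MESSAGE = b"amount=10&to=alice"
SUFFIX = b"&to=mallory"

def naive_mac(key, msg):
    return sha256(key + msg)           # the length-extendable secret-prefix pattern

def hash_d_mac(key, msg):
    return sha256d(key + msg)          # the HASH_d workaround from the mail

def forgery_succeeds(mac):
    """Does a length-extension forgery verify under mac(key, msg)?"""
    tag = mac(SECRET, MESSAGE)
    ext, forged = length_extend(tag, len(SECRET) + len(MESSAGE), SUFFIX)
    return forged == mac(SECRET, MESSAGE + ext)

def matches_hashlib(data):
    return sha256(data) == hashlib.sha256(data).digest()

if __name__ == "__main__":
    print("pure-Python SHA-256 agrees with hashlib:", matches_hashlib(b"abc"))
    print("forgery verifies under SHA-256(key||msg): ", forgery_succeeds(naive_mac))
    print("forgery verifies under SHA-256d(key||msg):", forgery_succeeds(hash_d_mac))
```

The forgery against the secret-prefix construction works because the attacker only needs the tag (the hash's final state) and the length of secret||msg to pick the glue padding; the secret itself never enters the computation. Under HASH_d the tag is the outer hash of a 32-byte digest, so resuming from it extends the wrong message, and the verifier's recomputation does not match. Two caveats a practitioner should keep in mind: HASH_d removes the length-extension property but is not by itself a MAC design, so for keyed authentication HMAC remains the standard answer even over SHA-256; and the extra compression call roughly doubles the cost of hashing short inputs.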

Re: [cryptography] Doubts over necessity of SHA-3 cryptography standard

2012-04-12 Thread Zooko Wilcox-O'Hearn
Yes, when the SHA-3 process was launched—in the exciting time when MD5 and SHA-1 had been dramatically shown to be weak—it seemed like we were in danger of waking up one day and finding out that we had no strong hash functions left. It was prudent to get started on SHA-3 ASAP in order to have an al