The idea is that if a message is being signed using SHA-1 to prevent tampering from the user side, then given an existing message/SHA-1 hash combo and the length of the secret key (which you can guess after a few trials), it's possible to craft arbitrary messages and sign them without obtaining the secret key.
This came up while I was doing the Stripe CTF 2.0, and I thought it was an interesting read.
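As an added example (not code from the original post), here is the vulnerable SHA-1(secret || message) construction beside its HMAC-SHA1 replacement, plus the SHA-1 padding rule that is the reason the key length is the only unknown an attacker has to guess; the secret and message values are constructed for the demo.

```python
import hashlib
import hmac
import struct

# Constructed demo values, not from the original post.
SECRET = b"s3cret-key-value"        # server-side secret, 16 bytes
MESSAGE = b"user=alice&role=guest"  # the signed payload


def sign_naive(secret: bytes, message: bytes) -> str:
    """Vulnerable construction: SHA-1(secret || message).

    The hex tag is the complete SHA-1 internal state after absorbing
    secret || message || padding, so whoever holds the tag can resume
    hashing from that state. The only thing they lack is len(secret),
    which fixes where the padding falls."""
    return hashlib.sha1(secret + message).hexdigest()


def sign_hmac(secret: bytes, message: bytes) -> str:
    """Safe construction: HMAC-SHA1. The outer hash over the inner digest
    means the tag is not a resumable internal state."""
    return hmac.new(secret, message, hashlib.sha1).hexdigest()


def verify(tag: str, secret: bytes, message: bytes) -> bool:
    """Server-side check; constant-time compare so the comparison itself
    does not leak how many tag bytes matched."""
    return hmac.compare_digest(tag, sign_hmac(secret, message))


def sha1_padding(total_len: int) -> bytes:
    """Standard SHA-1 padding for a message of total_len bytes: 0x80, zero
    bytes up to 8 short of a 64-byte boundary, then the bit length as a
    big-endian 64-bit integer. In the naive scheme the server really hashes
    secret || message || this padding, so the padding (and therefore the
    tag) depends on the secret only through its length."""
    zeros = (55 - total_len) % 64
    return b"\x80" + b"\x00" * zeros + struct.pack(">Q", total_len * 8)


def padded_block_len(key_len: int, message: bytes) -> int:
    """Total bytes SHA-1 actually processes for the naive tag; always a
    multiple of the 64-byte block size."""
    n = key_len + len(message)
    return n + len(sha1_padding(n))


if __name__ == "__main__":
    print("naive:", sign_naive(SECRET, MESSAGE))
    print("hmac: ", sign_hmac(SECRET, MESSAGE))
    print("blocks hashed:", padded_block_len(len(SECRET), MESSAGE) // 64)
```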