Note SHA-256 length extension attack, HMAC, replay attacks

[david-a-wheeler]

For more:

• https://kerkour.com/sha256-length-extension-attacks
• https://news.ycombinator.com/item?id=36058754

[nmav]

Mentioning that a hash should not be used as a MAC with the length extension attack example aligns with the message of not creating own cryptography when it exists. For message authentication codes, HMAC is good for a historical context, and mentioning the modern MACs such as KMAC - SHA3-based (NIST.SP.800-185), and universal hashes such as poly1305 would make sense.