I apologize in advance if this question has been answered already. However, I have not been able to find an existing answer - despite the case being pretty simple and common I imagine. Perhaps there is some terminology that I do not know making me miss the obvious.

So here goes:

Assume we repeatedly SHA256-hash a "secret" value concatenated with different numbers and let an adversary know the hashed ...

I have been playing with SHA-2-256 in Julia and I noticed that the hashes produced don't appear to follow a uniform distribution. My understanding of secure hashing algorithms is that they should approximate a uniform distribution well, so they are not predictable.

Here is the Julia code I'm using:

using BitIntegers, Distributions, HypothesisTests, Random, SHA

function sha256_rounds()
    rounds::Arr ...

If I try to do MD5(SHA256(input)), what is the strength of this so-called double hashing approach?

Is it as strong as SHA256, or as strong as MD5, or as strong as SHA256 + MD5?

This is not a homework question btw, I am asking because of a real issue in my project. By right, I only need to do SHA256(input) on the input, and store it in a column in one MySQL table. But my practical concern is: SHA256 is o ...

I am working on an E2E encrypted app. I am using OpenPGP.js and storing public and private keys on the server. The private key is encrypted with a BIP39 passphrase which is stored in browser LocalStorage so it's never sent to a server. But I also need some credentials for users to login.

My idea is to make SHA256 from BIP39 passphrase and split it to two strings. First can be used for "username"  ...

I am reading about bitcoin and I am a little confused about "elliptic curve function" and "SHA256". Do they have the same properties? Can both be used to generate private and public key pairs?

The following NodeJS code, when run (v16.8.0), logs 512 to stdout.

const crypto = require("crypto");
const { privateKey } = crypto.generateKeyPairSync("rsa", {
    modulusLength: 4096,
});
const sign = crypto.createSign("RSA-SHA256").update("somestringtosign");
const signature = sign.sign(privateKey);
console.log(signature.length); // logs 512

If I change the modulus length to 2048, then 256 is logged  ...

I am reading a textbook and in there they explain the property of hash functions. In particular, they give an example of how unlikely it would be to find a second input value that would match the hash output of the original input. Here's the example:

We show now how Oscar could turn his ability to find collisions (modifying two messages) into an attack. He starts with two messages, for instance:

I have a text sentence that consists of 448 digits [0-9] [a-f] (in HEX format).

This text sentence is partially cut off, but I know the middle, and the beginning and end are damaged.

What I know is 322 known digits in the middle of a text sentence.

74 unknown digits at the beginning

52 unknown digits at the end

That is, the entire text Size: 224 bytes and it is hashed using the SHA256 hash algorith ...

I'm being asked to provide a solution for my internal customer. All network communication is internal and no applications nor their servers are accessible via the internet.

• REQUESTOR application will have a list of SSNs for 1000+ people that they need information for (different list of 1000+ each day).
• REPORTER application can run SQL queries and provide formatted output.
• DATAOWNER application has the  ...

In "A Boolean Circuit for SHA-256" by Steven Goldfeder, the author gives a Boolean circuit for SHA-256. I find this method very complicated.

May I ask how to construct a Boolean circuit for a hash function? I mean, given an algorithm of a hash function, how to transform it into a circuit as in the article?

I am acquiring binary data from a sensor and storing it in a file. As each byte of data is read from the sensor, it goes into a SHA256 hash. The length of the acquired data stream varies from one session to another. It is possible that an individual sample having a binary value of 10000000 could be encountered in the input stream prior to the end of the session's stream. How does the SHA256 hash algorit ...

I have 12 bytes (5 fixed and 8 variable) of data that will be passed to SHA-256, at the end only the last 5 (most significant) bytes of the 20 generated are checked, is there a way to generate the 8 variable bytes to fake this type of SHA-256 check?

I am designing an web api which needs to grant access to various client apps via an api key sent as http header. I know, not really how it should be done but I have no control over this part.

My current design for api key: have 16 bytes for the app id (a guid) in the database + 16 bytes randomly generated (keybytes). Due to company policy I was asked not to store api keys in the db so I store a s ...

I am trying to analyse a "uniqueness" game around Schnorr signatures. The game is described in $\textbf{B.}$ and I try to provide in $\textbf{1.}$ and $\textbf{2.}$ some incomplete answers to resolve it. Is it possible to fully solve it? I have not used in my analysis a reduction to the DL problem; maybe is there a way to reduce the game to it? Apologies for the lack of cryptographic rigour and thanks a l ...

If you have a look at a certificate encrypting google.com it advertises a 256-bit ECC key with ECDSA_P256 parameter. The signature algorithm is sha256RSA. I've been trying to achieve something similar by running the below set of commands, but since the -digest parameter I use is -sha256 the result is always sha256ECDSA signature algorithm. So the question is - how Google did that and is that achievable w ...

If someone found a scrambled BIP-39 24 word sequence how hard would it be to determine the correct sequence that yields someone's wallet.

Are there multiple different unique sequences of the same 24 words that will determine different bitcoin wallets?

How many?

Thanks

Usually one explains how the R1CS/QAPs and SNARKs work using examples of circuits with multiplication and addition nodes, and constructing polynomials from that is relatively straightforward. SHA-2 hashing uses complicated bit-wise arithmetic applied to itself multiple times, not simple multiplications and additions. How does one even construct a circuit to prove that a string hashes to a hash? Is there ...

I've heard about several instances where OSINT researchers were able to match user accounts from multiple data leaks purely based on their hashed passwords, assuming accounts had the same password on different sites. (Yes, even when there were no other identifying characteristics, such as re-used usernames, re-used email addresses, browser fingerprints, or IPs.)

As far as I know, these data leaks  ...

Hash functions such as SHA-256 takes a binary string as input. Now given a hex string when we convert it to a normal text string the computed SHA-256 value would be the same. Herein lies my problem

Let us consider a simple string in hexadecimals 2E; its SHA-256 value is cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8.

When converted into byte form should we write 46 or 046. In eit ...

For any bitcoin block we combine various Header fields to create a string which is an input to a 2 pass SHA algorithm. The resultant hash must match with the Hash in the Block header for the Block to be valid.

To test this logic as well as SHA algorithm, I used the header of Block number 695877 (https://blockchain.info/rawblock/695877?format=json) to create the Input string 04008020546c35998681264442 ...

I am trying to code SHA256 from scratch to understand its implementation based on the wiki pseudo code as its clear enough. But I am running into problems with the calculation of W[i] for the first block. I am sure I am missing the logic somewhere. Given a data string of size 80 Bytes (in Hex): "02000000aaf8ab82362344f49083ee4edef795362cf135293564c4070000000000000000c009bb6222e9bc4cdb8f26b2e8a2f8d16350969 ...

If the SHA256 algorithm is public, why can't attackers use it to create more collisions rendering the algorithm useless?

First, we consider those hash functions that can actually provide 256-bit pre-image security, and not something like SHAKE128<l=256bits> where the sponge parameters provides only a security capacity of 128-bit.

We know that cryptanalysis doesn't have just a time dimension - it also has a space dimension, i.e. the amount of working memory needed to execute the cryptanalysis algorithm. So if we expe ...

I found only the abstract and tables of this paper https://dl.acm.org/doi/abs/10.1145/3409501.3409513

From the abstract

In this paper, the researchers proved that the modified SHA256 is viable to length extension, brute-force and dictionary attacks. Randomness tests also showed uniform random distribution of the hashes generated by the modified SHA256

The meaning of each randomness test:

Monobit

Alice split a long string P into two segments A and B. A is relatively short and B is long.

H = sha256(A + B)

Bob does not know P, but knows H.

Is it possible for Alice to prove to Bob that A is the prefix of P, but only needs to provide additional information much shorter than B?

The Setup

I have a table of values for which I need to compute a salted hash for each table-cell value. Furthermore, I need the salt for each table cell to be unique and unpredictable. (I can explain what motivates this need later, but for now I don't want to distract from the problem statement.)

Now I don't want to add an extra column per existing column in a table just to store this unique, per-cell ...