# Questions tagged as ['sha-256']

SHA-256 is part of the SHA-2 family of hash functions with a 256-bit output and a 128-bit security level.
Score: 0
Reverse SHA256 Hashed Value from Multiple Instances where Part of Hashed Value is known

I apologize in advance if this question has been answered already. However, I have not been able to find an existing answer - despite the case being pretty simple and common I imagine. Perhaps there is some terminology that I do not know making me miss the obvious.

So here goes:

Assume we repeatedly SHA256-hash a "secret" value concatenated with different numbers and let an adversary know the hashed ...

Score: 0
SHA-256 doesn't follow a uniform distribution?

I have been playing with SHA-2-256 in Julia and I noticed that the hashes produced don't appear to follow a uniform distribution. My understanding of secure hashing algorithms is that they should approximate a uniform distribution well, so they are not predictable.

Here is the Julia code I'm using:

``````using BitIntegers, Distributions, HypothesisTests, Random, SHA

function sha256_rounds()
rounds::Arr ...``````
Score: 2
How strong if I combine two hash functions, such as MD5(SHA256(input))?

If I try to do `MD5(SHA256(input))`, what is the strength of this so-called double hashing approach?

Is it as strong as SHA256, or as strong as MD5, or as strong as SHA256 + MD5?

This is not a homework question btw, I am asking because of a real issue in my project. By right, I only need to do `SHA256(input)` on the input, and store it in a column in one MySQL table. But my practical concern is: SHA256 is o ...

Score: 1
Can I use SHA256 from BIP39 passphrase for auth credentials?

I am working on an E2E encrypted app. I am using OpenPGP.js and storing public and private keys on the server. The private key is encrypted with a BIP39 passphrase which is stored in browser LocalStorage so it's never sent to a server. But I also need some credentials for users to login.

My idea is to make SHA256 from BIP39 passphrase and split it to two strings. First can be used for "username"  ...

Score: 1
What is the difference between "Elliptic Curve Function" and "Hash Functions" like SHA256?

I am reading about bitcoin and I am a little confused about "elliptic curve function" and "SHA256". Do they have the same properties? Can both be used to generate private and public key pairs?

Score: 0
Does the signature length of RS256 depend on the size of the RSA key used for signing?

The following NodeJS code, when run (v16.8.0), logs `512` to stdout.

``````const crypto = require("crypto");
const { privateKey } = crypto.generateKeyPairSync("rsa", {
modulusLength: 4096,
});
const sign = crypto.createSign("RSA-SHA256").update("somestringtosign");
const signature = sign.sign(privateKey);
console.log(signature.length); // logs 512
``````

If I change the modulus length to `2048`, then `256` is logged  ...

Score: 2
\$2^{64}\$ versions of the same message

I am reading a textbook and in there they explain the property of hash functions. In particular, they give an example of how unlikely it would be to find a second input value that would match the hash output of the original input. Here's the example:

We show now how Oscar could turn his ability to find collisions (modifying two messages) into an attack. He starts with two messages, for instance:

Score: 0
Is it possible to get the SHA256 hash collision with partial known data

I have a text sentence that consists of `448 digits [0-9] [a-f]` (in HEX format).

This text sentence is partially cut off, but I know the middle, and the beginning and end are damaged.

What I know is `322 known digits` in the middle of a text sentence.

`74 unknown digits` at the beginning

`52 unknown digits` at the end

That is, the entire text `Size: 224 bytes` and it is hashed using the SHA256 hash algorith ...

Score: 0
Protect PII in-transit via hash comparison

I'm being asked to provide a solution for my internal customer. All network communication is internal and no applications nor their servers are accessible via the internet.

• REQUESTOR application will have a list of SSNs for 1000+ people that they need information for (different list of 1000+ each day).
• REPORTER application can run SQL queries and provide formatted output.
• DATAOWNER application has the  ...
Score: 2
How to generate a circuit for SHA-256?

In "A Boolean Circuit for SHA-256" by Steven Goldfeder, the author gives a Boolean circuit for SHA-256. I find this method very complicated.

May I ask how to construct a Boolean circuit for a hash function? I mean, given an algorithm of a hash function, how to transform it into a circuit as in the article?

Score: 0
When inputting a stream of raw binary values to a SHA256 hash and a value of 10000000 is encountered in the input stream, does the hash end?

I am acquiring binary data from a sensor and storing it in a file. As each byte of data is read from the sensor, it goes into a SHA256 hash. The length of the acquired data stream varies from one session to another. It is possible that an individual sample having a binary value of 10000000 could be encountered in the input stream prior to the end of the session's stream. How does the SHA256 hash algorit ...

Score: 0
How to find the right data for generate a partial SHA-256

I have 12 bytes (5 fixed and 8 variable) of data that will be passed to SHA-256, at the end only the last 5 (most significant) bytes of the 20 generated are checked, is there a way to generate the 8 variable bytes to fake this type of SHA-256 check?

Score: 1
API key generation technique

I am designing an web api which needs to grant access to various client apps via an api key sent as http header. I know, not really how it should be done but I have no control over this part.

My current design for api key: have 16 bytes for the app id (a guid) in the database + 16 bytes randomly generated (keybytes). Due to company policy I was asked not to store api keys in the db so I store a s ...

Score: 4
Uniqueness and Schnorr signatures

I am trying to analyse a "uniqueness" game around Schnorr signatures. The game is described in $$\textbf{B.}$$ and I try to provide in $$\textbf{1.}$$ and $$\textbf{2.}$$ some incomplete answers to resolve it. Is it possible to fully solve it? I have not used in my analysis a reduction to the DL problem; maybe is there a way to reduce the game to it? Apologies for the lack of cryptographic rigour and thanks a l ...

Score: 0
Generating certificate using ECDSA_P256 algorithm but with sha256RSA signature

If you have a look at a certificate encrypting google.com it advertises a 256-bit ECC key with `ECDSA_P256` parameter. The signature algorithm is sha256RSA. I've been trying to achieve something similar by running the below set of commands, but since the `-digest` parameter I use is `-sha256` the result is always sha256ECDSA signature algorithm. So the question is - how Google did that and is that achievable w ...

Score: 1
Number of Legitimate Bitcoin Wallets from unsequenced set of 24 Words

If someone found a scrambled BIP-39 24 word sequence how hard would it be to determine the correct sequence that yields someone's wallet.

Are there multiple different unique sequences of the same 24 words that will determine different bitcoin wallets?

How many?

Thanks

Score: 0
How does one construct a SNARK circuit for proving the knowledge of a SHA256 pre-image?

Usually one explains how the R1CS/QAPs and SNARKs work using examples of circuits with multiplication and addition nodes, and constructing polynomials from that is relatively straightforward. SHA-2 hashing uses complicated bit-wise arithmetic applied to itself multiple times, not simple multiplications and additions. How does one even construct a circuit to prove that a string hashes to a hash? Is there ...

Score: 1
Matching accounts across multiple data leaks via their hashed passwords

I've heard about several instances where OSINT researchers were able to match user accounts from multiple data leaks purely based on their hashed passwords, assuming accounts had the same password on different sites. (Yes, even when there were no other identifying characteristics, such as re-used usernames, re-used email addresses, browser fingerprints, or IPs.)

As far as I know, these data leaks  ...

Score: 0
Doubt regarding converting hex to byte in SHA-256 input

Hash functions such as SHA-256 takes a binary string as input. Now given a hex string when we convert it to a normal text string the computed SHA-256 value would be the same. Herein lies my problem

Let us consider a simple string in hexadecimals `2E`; its SHA-256 value is `cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8`.

When converted into byte form should we write `46` or `046`. In eit ...

Score: -1
How to pad in the SHA256 Algorithm (an example using Bitcoin Header)?

For any bitcoin block we combine various Header fields to create a string which is an input to a 2 pass SHA algorithm. The resultant hash must match with the Hash in the Block header for the Block to be valid.

To test this logic as well as SHA algorithm, I used the header of Block number 695877 (https://blockchain.info/rawblock/695877?format=json) to create the Input string 04008020546c35998681264442 ...

Score: 0
A query regarding SHA256 Algorithm

I am trying to code SHA256 from scratch to understand its implementation based on the wiki pseudo code as its clear enough. But I am running into problems with the calculation of W[i] for the first block. I am sure I am missing the logic somewhere. Given a data string of size 80 Bytes (in Hex): "02000000aaf8ab82362344f49083ee4edef795362cf135293564c4070000000000000000c009bb6222e9bc4cdb8f26b2e8a2f8d16350969 ...

Score: 0
If the source code of SHA256 hashing algorithm is available in public, why can't it be hacked?

If the SHA256 algorithm is public, why can't attackers use it to create more collisions rendering the algorithm useless?

Score: 2
Does SHA-256 have (128-time + 128-space = 256-overall)-bit collision resistance?

First, we consider those hash functions that can actually provide 256-bit pre-image security, and not something like `SHAKE128<l=256bits>` where the sponge parameters provides only a security capacity of 128-bit.

We know that cryptanalysis doesn't have just a time dimension - it also has a space dimension, i.e. the amount of working memory needed to execute the cryptanalysis algorithm. So if we expe ...

Score: -1
Does this paper find cryptographic weakness of SHA-256?

I found only the abstract and tables of this paper https://dl.acm.org/doi/abs/10.1145/3409501.3409513

From the abstract

In this paper, the researchers proved that the modified SHA256 is viable to length extension, brute-force and dictionary attacks. Randomness tests also showed uniform random distribution of the hashes generated by the modified SHA256

The meaning of each randomness test:

Monobit

Score: 2
In sha256, is it possible to use less information than the full preimage to prove that the prefix of the preimage is a certain string

Alice split a long string P into two segments A and B. A is relatively short and B is long.

`H = sha256(A + B)`

Bob does not know P, but knows H.

Is it possible for Alice to prove to Bob that A is the prefix of P, but only needs to provide additional information much shorter than B?

Score: 0
Does my SHA-256 TableSalt algo give away the seed salt?

# The Setup

I have a table of values for which I need to compute a salted hash for each table-cell value. Furthermore, I need the salt for each table cell to be unique and unpredictable. (I can explain what motivates this need later, but for now I don't want to distract from the problem statement.)

Now I don't want to add an extra column per existing column in a table just to store this unique, per-cell ...