Questions tagged as ['sha-256']

SHA-256 is part of the SHA-2 family of hash functions with a 256-bit output and a 128-bit security level.
Score: 0
Thomas Sylvest avatar
Reverse SHA256 Hashed Value from Multiple Instances where Part of Hashed Value is known
in flag

I apologize in advance if this question has been answered already. However, I have not been able to find an existing answer - despite the case being pretty simple and common I imagine. Perhaps there is some terminology that I do not know making me miss the obvious.

So here goes:

Assume we repeatedly SHA256-hash a "secret" value concatenated with different numbers and let an adversary know the hashed ...

Score: 0
SHA-256 doesn't follow a uniform distribution?
vn flag

I have been playing with SHA-2-256 in Julia and I noticed that the hashes produced don't appear to follow a uniform distribution. My understanding of secure hashing algorithms is that they should approximate a uniform distribution well, so they are not predictable.

Here is the Julia code I'm using:

using BitIntegers, Distributions, HypothesisTests, Random, SHA

function sha256_rounds()
    rounds::Arr ...
Score: 2
Neil Niu avatar
How strong if I combine two hash functions, such as MD5(SHA256(input))?
in flag

If I try to do MD5(SHA256(input)), what is the strength of this so-called double hashing approach?

Is it as strong as SHA256, or as strong as MD5, or as strong as SHA256 + MD5?

This is not a homework question btw, I am asking because of a real issue in my project. By right, I only need to do SHA256(input) on the input, and store it in a column in one MySQL table. But my practical concern is: SHA256 is o ...

Score: 1
Can I use SHA256 from BIP39 passphrase for auth credentials?
cn flag

I am working on an E2E encrypted app. I am using OpenPGP.js and storing public and private keys on the server. The private key is encrypted with a BIP39 passphrase which is stored in browser LocalStorage so it's never sent to a server. But I also need some credentials for users to login.

My idea is to make SHA256 from BIP39 passphrase and split it to two strings. First can be used for "username"  ...

Score: 1
What is the difference between "Elliptic Curve Function" and "Hash Functions" like SHA256?
hk flag

I am reading about bitcoin and I am a little confused about "elliptic curve function" and "SHA256". Do they have the same properties? Can both be used to generate private and public key pairs?

Score: 0
Does the signature length of RS256 depend on the size of the RSA key used for signing?
th flag

The following NodeJS code, when run (v16.8.0), logs 512 to stdout.

const crypto = require("crypto");
const { privateKey } = crypto.generateKeyPairSync("rsa", {
    modulusLength: 4096,
const sign = crypto.createSign("RSA-SHA256").update("somestringtosign");
const signature = sign.sign(privateKey);
console.log(signature.length); // logs 512

If I change the modulus length to 2048, then 256 is logged  ...

Score: 2
Slim Shady avatar
$2^{64}$ versions of the same message
cn flag

I am reading a textbook and in there they explain the property of hash functions. In particular, they give an example of how unlikely it would be to find a second input value that would match the hash output of the original input. Here's the example:

We show now how Oscar could turn his ability to find collisions (modifying two messages) into an attack. He starts with two messages, for instance:

Score: 0
Dew Debra avatar
Is it possible to get the SHA256 hash collision with partial known data
br flag

I have a text sentence that consists of 448 digits [0-9] [a-f] (in HEX format).

This text sentence is partially cut off, but I know the middle, and the beginning and end are damaged.

What I know is 322 known digits in the middle of a text sentence.

74 unknown digits at the beginning

52 unknown digits at the end

That is, the entire text Size: 224 bytes and it is hashed using the SHA256 hash algorith ...

Score: 0
Protect PII in-transit via hash comparison
us flag

I'm being asked to provide a solution for my internal customer. All network communication is internal and no applications nor their servers are accessible via the internet.

  • REQUESTOR application will have a list of SSNs for 1000+ people that they need information for (different list of 1000+ each day).
  • REPORTER application can run SQL queries and provide formatted output.
  • DATAOWNER application has the  ...
Score: 2
user77340 avatar
How to generate a circuit for SHA-256?
ie flag

In "A Boolean Circuit for SHA-256" by Steven Goldfeder, the author gives a Boolean circuit for SHA-256. I find this method very complicated.

May I ask how to construct a Boolean circuit for a hash function? I mean, given an algorithm of a hash function, how to transform it into a circuit as in the article?

Score: 0
When inputting a stream of raw binary values to a SHA256 hash and a value of 10000000 is encountered in the input stream, does the hash end?
ng flag

I am acquiring binary data from a sensor and storing it in a file. As each byte of data is read from the sensor, it goes into a SHA256 hash. The length of the acquired data stream varies from one session to another. It is possible that an individual sample having a binary value of 10000000 could be encountered in the input stream prior to the end of the session's stream. How does the SHA256 hash algorit ...

Score: 0
GMG avatar
How to find the right data for generate a partial SHA-256
ca flag

I have 12 bytes (5 fixed and 8 variable) of data that will be passed to SHA-256, at the end only the last 5 (most significant) bytes of the 20 generated are checked, is there a way to generate the 8 variable bytes to fake this type of SHA-256 check?

Score: 1
API key generation technique
jp flag

I am designing an web api which needs to grant access to various client apps via an api key sent as http header. I know, not really how it should be done but I have no control over this part.

My current design for api key: have 16 bytes for the app id (a guid) in the database + 16 bytes randomly generated (keybytes). Due to company policy I was asked not to store api keys in the db so I store a s ...

Score: 4
south_lagoon avatar
Uniqueness and Schnorr signatures
br flag

I am trying to analyse a "uniqueness" game around Schnorr signatures. The game is described in $\textbf{B.}$ and I try to provide in $\textbf{1.}$ and $\textbf{2.}$ some incomplete answers to resolve it. Is it possible to fully solve it? I have not used in my analysis a reduction to the DL problem; maybe is there a way to reduce the game to it? Apologies for the lack of cryptographic rigour and thanks a l ...

Score: 0
Krzysztof J. Obara avatar
Generating certificate using ECDSA_P256 algorithm but with sha256RSA signature
cn flag

If you have a look at a certificate encrypting it advertises a 256-bit ECC key with ECDSA_P256 parameter. The signature algorithm is sha256RSA. I've been trying to achieve something similar by running the below set of commands, but since the -digest parameter I use is -sha256 the result is always sha256ECDSA signature algorithm. So the question is - how Google did that and is that achievable w ...

Score: 1
Salil Gupta avatar
Number of Legitimate Bitcoin Wallets from unsequenced set of 24 Words
ch flag

If someone found a scrambled BIP-39 24 word sequence how hard would it be to determine the correct sequence that yields someone's wallet.

Are there multiple different unique sequences of the same 24 words that will determine different bitcoin wallets?

How many?


Score: 0
How does one construct a SNARK circuit for proving the knowledge of a SHA256 pre-image?
us flag

Usually one explains how the R1CS/QAPs and SNARKs work using examples of circuits with multiplication and addition nodes, and constructing polynomials from that is relatively straightforward. SHA-2 hashing uses complicated bit-wise arithmetic applied to itself multiple times, not simple multiplications and additions. How does one even construct a circuit to prove that a string hashes to a hash? Is there ...

Score: 1
nisc avatar
Matching accounts across multiple data leaks via their hashed passwords
it flag

I've heard about several instances where OSINT researchers were able to match user accounts from multiple data leaks purely based on their hashed passwords, assuming accounts had the same password on different sites. (Yes, even when there were no other identifying characteristics, such as re-used usernames, re-used email addresses, browser fingerprints, or IPs.)

As far as I know, these data leaks  ...

Score: 0
J.Doe avatar
Doubt regarding converting hex to byte in SHA-256 input
br flag

Hash functions such as SHA-256 takes a binary string as input. Now given a hex string when we convert it to a normal text string the computed SHA-256 value would be the same. Herein lies my problem

Let us consider a simple string in hexadecimals 2E; its SHA-256 value is cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8.

When converted into byte form should we write 46 or 046. In eit ...

Score: -1
J.Doe avatar
How to pad in the SHA256 Algorithm (an example using Bitcoin Header)?
br flag

For any bitcoin block we combine various Header fields to create a string which is an input to a 2 pass SHA algorithm. The resultant hash must match with the Hash in the Block header for the Block to be valid.

To test this logic as well as SHA algorithm, I used the header of Block number 695877 ( to create the Input string 04008020546c35998681264442 ...

Score: 0
J.Doe avatar
A query regarding SHA256 Algorithm
br flag

I am trying to code SHA256 from scratch to understand its implementation based on the wiki pseudo code as its clear enough. But I am running into problems with the calculation of W[i] for the first block. I am sure I am missing the logic somewhere. Given a data string of size 80 Bytes (in Hex): "02000000aaf8ab82362344f49083ee4edef795362cf135293564c4070000000000000000c009bb6222e9bc4cdb8f26b2e8a2f8d16350969 ...

Score: 0
Yogesh avatar
If the source code of SHA256 hashing algorithm is available in public, why can't it be hacked?
in flag

If the SHA256 algorithm is public, why can't attackers use it to create more collisions rendering the algorithm useless?

Score: 2
DannyNiu avatar
Does SHA-256 have (128-time + 128-space = 256-overall)-bit collision resistance?
vu flag

First, we consider those hash functions that can actually provide 256-bit pre-image security, and not something like SHAKE128<l=256bits> where the sponge parameters provides only a security capacity of 128-bit.

We know that cryptanalysis doesn't have just a time dimension - it also has a space dimension, i.e. the amount of working memory needed to execute the cryptanalysis algorithm. So if we expe ...

Score: -1
ShAr avatar
Does this paper find cryptographic weakness of SHA-256?
cn flag

I found only the abstract and tables of this paper

From the abstract

In this paper, the researchers proved that the modified SHA256 is viable to length extension, brute-force and dictionary attacks. Randomness tests also showed uniform random distribution of the hashes generated by the modified SHA256

enter image description here

The meaning of each randomness test:


Score: 2
jiedo avatar
In sha256, is it possible to use less information than the full preimage to prove that the prefix of the preimage is a certain string
de flag

Alice split a long string P into two segments A and B. A is relatively short and B is long.

H = sha256(A + B)

Bob does not know P, but knows H.

Is it possible for Alice to prove to Bob that A is the prefix of P, but only needs to provide additional information much shorter than B?

Score: 0
Babak Farhang avatar
Does my SHA-256 TableSalt algo give away the seed salt?
cn flag

The Setup

I have a table of values for which I need to compute a salted hash for each table-cell value. Furthermore, I need the salt for each table cell to be unique and unpredictable. (I can explain what motivates this need later, but for now I don't want to distract from the problem statement.)

Now I don't want to add an extra column per existing column in a table just to store this unique, per-cell ...