Each blocked is hashed twice. Why isn't one application of SHA256 enough?
Asked
Active
Viewed 2,079 times
2 Answers
13
From Zooko's answer provided in Crypto StackExchange:
SHA-256(SHA-256(x)) was proposed by Ferguson and Schneier in their excellent book "Practical Cryptography" (later updated by Ferguson, Schneier, and Kohno and renamed "Cryptography Engineering") as a way to make SHA-256 invulnerable to "length-extension" attack. They called it "SHA-256d".
Stephen Gornick
- 27,040
- 12
- 67
- 141
-
Length extension attacks are impossible in Bitcoin because length extension attacks only apply where the hashed data is secret. This answer is incorrect. – Shelby Moore III Feb 22 '22 at 10:40
-1
My conjecture is the double hashing everywhere was a red-herring to make us think Satoshi was sloppy, lame and take our focus away from a posited valid use case for the RIPEMD160(SHA256).
My lengthy and elaborate rationale is in my answer on the related question.
Shelby Moore III
- 649
- 5
- 12