1

I need to find the SHA256 hash of s string like this: part1-part2. I know the SHA256(part1), length of part1 and I know part2, but I don't know what is the contents of part1.

Is there any chance I can compute the hash of the whole string using only these three parts of information?

e-sushi
  • 17,891
  • 12
  • 83
  • 229
Daniel
  • 113
  • 4
  • 4
    You can compute $\operatorname{SHA256}(\mathit{secret}\Vert\mathit{padding}\Vert\mathit{data})$ using a length extension attack, but computing $\operatorname{SHA256}(\mathit{secret}\Vert\mathit{data})$ for freely chosen $\mathit{data}$ without the $\mathit{padding}$ in between is assumed to be hard (i.e. practically impossible, unless SHA256 turns out to be severely broken). HashPump is a tool to perform length extensions. – yyyyyyy Apr 23 '16 at 09:07
  • I understand. This attack is not suitable for what I am looking for, as it doesn't give me the exact SHA256(secret||data). Thank you for explaining :) – Daniel Apr 23 '16 at 17:12

1 Answers1

1

As @yyyyyy already commented: if you are able to successfully apply a length extension attack, you would be able to compute

$$\operatorname{SHA256}(\mathit{secret}\Vert\mathit{padding}\Vert\mathit{data})$$

But computing $\operatorname{SHA256}(\mathit{secret}\Vert\mathit{data})$ for freely chosen $\mathit{data}$ without the $\mathit{padding}$ in between is assumed to be “hard”; meaning that you’ll end up having to brute-force your way towards a result.

Also see “understanding a length extension attack” for a more indeep understanding of things.

Community
  • 1
e-sushi
  • 17,891
  • 12
  • 83
  • 229