|
|
|
|
|
|
by simias
3280 days ago
|
|
|
Ah, great link. I was not aware of this "feature" of SHA256: >To abuse this property you need to get the state of the hash to match a state you get when running the decryption of the blockcipher underlying the compression function. Finding such a match requires a meet-in-the-middle attack with cost 2n/2 and thus isn't cheaper than finding a collision. |
|
|