by adrian_b
897 days ago
That attack is one of the reasons why the one-way hash functions based on the Merkle-Damgaard structure, like SHA-2 and the older hashes, are considered obsolete for hashing extremely large files. The newer one-way hash structures, like those used by SHA-3 or by BLAKE/BLAKE2/BLAKE3, are immune to this kind of attack (because they use either a sponge automaton or a structure similar to Merkle-Damgaard but augmented with a counter input for hashing each block, which is equivalent to using distinct hashing functions for all data blocks, instead of iterating the same hashing function, which can be exploited by the Joux attack mentioned by you).
That makes sense about newer functions being immune. However, note that both of the cascaded hashes must be immune to prevent this attack (as described in the paper).
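The cascade case discussed in this thread, as an added example that is not part of either comment: a toy Merkle-Damgaard hash `F` with a 24-bit chaining value is cascaded with an 8-bit hash `G`, and chained block collisions in `F` yield enough same-digest messages that two of them must also collide in `G`. The truncated sizes, the function names and the block encoding are assumptions chosen so the search finishes in well under a second; length padding is omitted because every message has the same length.

```python
import hashlib
from itertools import product

N = 3  # toy 24-bit chaining value so each collision search is cheap (assumption)
IV = b"\x00" * N

def compress(state, block):
    # Toy compression function: truncated SHA-256 over state || block.
    return hashlib.sha256(state + block).digest()[:N]

def F(blocks):
    # Plain Merkle-Damgaard iteration: the same compress() at every position.
    state = IV
    for block in blocks:
        state = compress(state, block)
    return state

def G(blocks):
    # Second hash of the cascade: toy 8-bit BLAKE2b over the whole message.
    return hashlib.blake2b(b"".join(blocks), digest_size=1).digest()

def block_collision(state):
    # Birthday search for two distinct blocks that map `state` to the same output.
    seen = {}
    i = 0
    while True:
        block = i.to_bytes(8, "big")
        out = compress(state, block)
        if out in seen:
            return seen[out], block, out
        seen[out] = block
        i += 1

def multicollision(k):
    # k chained searches give 2**k messages that all share one F digest.
    state, pairs = IV, []
    for _ in range(k):
        b0, b1, state = block_collision(state)
        pairs.append((b0, b1))
    return [list(m) for m in product(*pairs)], state

def cascade_collision(k=9):
    # 2**9 = 512 messages into 256 possible G values: a G collision must exist.
    msgs, digest = multicollision(k)
    seen = {}
    for m in msgs:
        g = G(m)
        if g in seen:
            return seen[g], m, digest
        seen[g] = m
```

The cost is nine birthday searches on 24 bits plus at most 257 evaluations of `G`, rather than a birthday search on the full 32-bit concatenated output.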