|
|
|
|
|
|
by tveita
4764 days ago
|
|
|
I do mean the hash function "SHA-512/256", as defined in FIPS 180-4 [1]. It is basically a version of SHA-512 that truncates the final result to 256 bits (Like SHA-384). It is not vulnerable to length extension, because unlike SHA-256, the final hash does not contain enough state to continue hashing. I wouldn't consider SHA-224 immune to length extension since it only truncates 32 bits, which is low enough to brute force. [1] http://csrc.nist.gov/publications/drafts/fips180-4/Draft-FIP... |
|
|