
> If I remember correctly (I may not), two SHA-2 functions (SHA-224 and SHA-384?) aren't vulnerable to length extension attacks.

Interesting, is that because they only return part of the final state (by slicing SHA-256 and SHA-512), whereas unsliced 256 and 512 return all of the algorithm's running state as their result?



That's the only reason I can think of why they would be immune to length extension attacks. With SHA-224 one could just brute force the missing 32 bits of state, though.


Yes.

NIST has also specified several other truncated hash functions such as SHA-2-512/256.



