[Cryptography] SHA-256 decrypted (8 rounds)
Ray Dillinger
bear at sonic.net
Tue Nov 7 17:15:34 EST 2023
On 11/7/23 00:54, Michael Kjörling wrote:
> Given that there are 2^447 possible inputs of 447 bits of length
> (ignoring shorter inputs), but only 2^256 possible outputs of 256 bits
> of length (for SHA-256), within a 2^447 input space, mathematically
> there must statistically exist 2^(447-256) = 2^191 different possible
> inputs for every single output. (It is of course possible that the
> output distribution has non-uniform properties, especially after only
> 8 rounds, but likely still not on the order of 2^190.)
>
> How does what you are showing compare against the current publicly
> known attacks against SHA-256?
>
> In English, what _exactly_ is your claim?

I do not have a VB.Net environment to test this code in and haven't
analyzed it extensively, but this appears to be an attempt to find a
preimage for a given hash by iteratively finding preimages for single
steps of the hashing algorithm. This is not an approach I'm optimistic
about for any hash (or any cipher) that takes input in blocks larger
than 128 bits - the search for a preimage of a single step becomes
prohibitive unless there's something I don't understand going on that
restricts the search.

The approach, even if fruitful, is closed off by modifications such as
SHA-256D which requires finding blocks that are simultaneous preimages
for different steps of the hash.

Bear