Find SHA256 if I only have part of the string

Question

I need to find the SHA256 hash of s string like this: "part1-part2". I know the SHA256 hash of part1 and I know what part2 represents, but I don't know what is the contents of part1.

Is there any chance I can compute the hash of the whole string using these two?

What do you mean by saying that you know what part2 represents. Do you mean you know the contents, or you know the contents will be something in a format that you can predict? — Daisetsu, Apr 23 '16 at 07:20

Daisetsu · Accepted Answer · 2016-04-25T07:16:03.613

3

You may be able to compute a SHA256 of part1-part2, if you already knew SHA256(part1), and the value for part2. This relies on a vulnerability in the underlying method of hash construction SHA256 uses (https://en.wikipedia.org/wiki/Length_extension_attack).

EDIT: To clarify the algorithm SHA256 will pad any input to a multiple of some given size.

Soo really you could think of it as SHA256(part1||padding), where 'padding' means x00 repeated till size(part1||padding) mod 512 = 0 (since SHA256 has a block size of 512 https://en.wikipedia.org/wiki/Secure_Hash_Algorithm). This becomes a problem if any padding needs to be added to part1.

edited Apr 25 '16 at 07:16

answered Apr 23 '16 at 07:23

Daisetsu

5,110
1
14
24

Does it work even if I don't have any data from part1 except for its hash and length? – Daniel Apr 23 '16 at 08:34
Yes. That's why it's an attack. – Daisetsu Apr 23 '16 at 17:17
I think that "may" is not correct and that this can definitely be done using a length extension attack. – Neil Smithline Apr 23 '16 at 23:17
It can be done, but using padding between part1 and part2, right? So in the end SHA256(part1||part2) will differ from SHA256 (part1||padding||part2). – Daniel Apr 24 '16 at 08:02
1

Correct. SHA256part1||part2) != SHA256(part1||padding||part2). – Daisetsu Apr 24 '16 at 08:05

Find SHA256 if I only have part of the string

1 Answers1