512 bit X has been hashed using SHA256(X) = Y
Given Y and half of X (the first 256bits) to attacker, how hard is to reveal whole X
Can SHA256 or any real world function be cracked to allow this problem to be solved faster
Is this problem known in cryptography? and under what name? Tried google for concatenated preimage attack but found nothing.
Knowing the first 256 bits of X is of little use. Intuitively you can understand this becsuse most values for the first 256 will have a matching second 256 which will lead to Y. Assuming pseudo random distribution throwing n balls in to n bins will leave only n/e of them empty. By knowing there is an answer with said prefix the brute force is slightly faster, not by doing anything clever in the brute force but by virtue of eliminating the possibility of no value. If we have a random oracle hash the worst case brute force with the prefix is 2^256 and without it is 2^512 but the difference in expected attack time is rather small. And in any cass it is entirely not fessable. Threre are no known relevant attacks on sha255 to make this even remotely feasible to launch.
