I am looking into building a Merkle tree algorithm and I need to know if SHA256 is resistant to a second preimage attack.

AleksanderCH
Hoistas

1 Answer

SHA-256 has no known collision attack and has no known second pre-image attack and has no known pre-image attack.

There was a claim (see "Has SHA256 been broken by Treadwell Stanton DuPont?"), but it has already been debunked.

Currently, we have generic attacks: $2^{256}$ pre-image resistance, $2^{256}$ secondary pre-image resistance and $2^{128}$ collision resistance. Collision resistance is lower due to the birthday attack. The academic attacks are on reduced rounds, therefore not practical, yet.

Note per comment: It is not a weakness of SHA-256 or any other cryptographic hash. It is a problem with hash trees that makes it possible to find secondary pre-images, and it can be mitigated with domain separation as mentioned in rfc6992. You can also see this problem in this post.

kelalaka
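The hash-tree problem and the domain-separation mitigation mentioned in the answer above, as an added example that is not part of the original answer. The function names, the sample leaves and the one-byte tags (0x00 for leaves, 0x01 for interior nodes, the values Certificate Transparency's Merkle tree uses) are choices made for this example.

```python
import hashlib

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def merkle_root(leaves, leaf_tag=b"", node_tag=b""):
    """Root over `leaves`. The tags are prepended before hashing a leaf or an
    interior node; empty tags give the naive tree that hashes both identically."""
    if not leaves:
        raise ValueError("at least one leaf is required")
    level = [h(leaf_tag + leaf) for leaf in leaves]
    while len(level) > 1:
        nxt = [h(node_tag + level[i] + level[i + 1])
               for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:          # an unpaired node is promoted unchanged
            nxt.append(level[-1])
        level = nxt
    return level[0]

def collapse(leaves, leaf_tag=b""):
    """Return a shorter leaf list in which each entry is the concatenation of
    two sibling leaf hashes, i.e. an interior node's input presented as a leaf."""
    if len(leaves) % 2:
        raise ValueError("this example needs an even number of leaves")
    hashes = [h(leaf_tag + leaf) for leaf in leaves]
    return [hashes[i] + hashes[i + 1] for i in range(0, len(hashes), 2)]

LEAVES = [b"tx-a", b"tx-b", b"tx-c", b"tx-d"]   # constructed sample data
LEAF, NODE = b"\x00", b"\x01"                   # domain-separation tags

def naive_roots_match(leaves=LEAVES):
    # Without tags, two different leaf lists commit to the same root.
    return merkle_root(leaves) == merkle_root(collapse(leaves))

def tagged_roots_match(leaves=LEAVES):
    # With tags, a leaf can no longer be read as an interior node.
    return (merkle_root(leaves, LEAF, NODE)
            == merkle_root(collapse(leaves, LEAF), LEAF, NODE))

if __name__ == "__main__":
    print("naive tree, same root for different leaves: ", naive_roots_match())
    print("tagged tree, same root for different leaves:", tagged_roots_match())
```

SHA-256 itself is untouched in both cases: the naive tree's ambiguity comes from hashing leaves and interior nodes the same way, which is what the tags remove.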