Comment by poincaredisk
Comment by poincaredisk 10 months ago
Being "vulnerable" to hash length extension is not a problem for a hash function. It is a problem for a MAC, hence HMAC exists. People confuse both, so SHA-3 competition explicitly requested functions resistant against hash length extension. SHA-256 is a perfectly fine hash function.
And, I don't know how to say it, if you don't know what are the difference between SHA-256 and SHA-512/256 you shouldn't use either. Cryptography really is hard.