�j"1LAnZuoQdcKCkpDBKQMCgziGMoPC4VQUckMù<div class="post"><div class="quoteheader"><a href="https://bitcointalk.org/index.php?topic=360.msg2982#msg2982">Quote from: bdonlan on July 14, 2010, 10:37:56 PM</a></div><div class="quote">As you can see, this tries to be more secure by hashing twice. However, this actually reduces security. To break pure SHA256, an attacker needs to find a d' such that SHA256(d') == SHA256(d), for a known d. This is also sufficient to break Hash(). However the attacker can also attack the outer layer of the hash, finding a d' such that SHA256(SHA256(d')) == SHA256(SHA256(d)), even though SHA256(d') != SHA256(d). As you can see, the double hashing here makes it _easier_ to break the hash!<br/></div><br/>If I understand correctly, you've got two chances to find a collision instead of one.<br/><br/>So this decreases the security of SHA256 by a factor of 2... which is just Not a Big Deal. Bitcoin is using, essentially SHA255 instead of SHA256. It'll still take longer than forever to find a collision...</div> text/html
https://whatsonchain.com/tx/165cdfc356cbdf2fd2a4a7fa762a973a2cdc1f609dc838fbf09e27766cd0cf14