Cryptographic Randomness Test of the Modified Hashing Function of SHA256 to Address Length Extension Attack

Abstract

Length Extension attack is vulnerable to SHA256. It is a type of attack where certain types of hashes are misused as message authentication codes and allowing for inclusion of extra information. In this study, the researchers introduced an improved padding scheme and hashing process for SHA256 to address this problem. To prove that the modified hash function is cryptographically secure, statistical tests using Strict Avalanche Effect, Frequency Test (Monobit), Frequency Test within a Block, and Run Test were performed to evaluate the results of the Message Digest. Test results show that the number of ones and zeros in each element is distributed uniformly random in the final hash value. Additionally, runtime execution is much faster in generating the hash code since it has reduced the number of rounds to 32.