Why does Bitcoin use two rounds of SHA256?

9

2

Each blocked is hashed twice. Why isn't one application of SHA256 enough?

ripper234

Posted 2012-07-30T20:44:18.460

Reputation: 25 852

Answers

13

From Zooko's answer provided in Crypto StackExchange:

SHA-256(SHA-256(x)) was proposed by Ferguson and Schneier in their excellent book "Practical Cryptography" (later updated by Ferguson, Schneier, and Kohno and renamed "Cryptography Engineering") as a way to make SHA-256 invulnerable to "length-extension" attack. They called it "SHA-256d".

Stephen Gornick

Posted 2012-07-30T20:44:18.460

Reputation: 26 454