9

2

Each blocked is hashed twice. Why isn't one application of SHA256 enough?

9

2

Each blocked is hashed twice. Why isn't one application of SHA256 enough?

13

From Zooko's answer provided in Crypto StackExchange:

SHA-256(SHA-256(x)) was proposed by Ferguson and Schneier in their excellent book "Practical Cryptography" (later updated by Ferguson, Schneier, and Kohno and renamed "Cryptography Engineering") as a way to make SHA-256 invulnerable to "length-extension" attack. They called it "SHA-256d".