SHA256 security question

Having that the result for some string STR was:

SHA256(STR)=3f7c54571faee024e3fd68603c5c95f6a4c8ef73a398840b974f3f57737a116f 

Would it be possible to get t开发者_运维知识库he result of SHA256(myOwnString+STR)? ('+' is used as concatenation)

Are there any known attacks for this scenario?

myOwnString+STR would be a totally different string than STR -- so, those two would have totally different hashes ; and looking at those hashed, you'd have no way of guessing they result of your hashing function being applied to STR and something based on STR.

That's precisely why we generally recommend using a salt when hashing passwords -- see Salt (cryptography), about that.

What you're describing is evaluating hash function's 'avalanche property'; if you change the input just a little bit, how much does the output change? Any decent hashing function should be able to completely mangle the result drastically even if the input changes just one bit. This is why things like salts and nonces work well, because adding few bytes to the initial string (which by itself might be weak, short or predictable, like passwords), changes the result of the hash to something completely different and unrelated to the original.

to answer your question more directly tho:

A 2008 attack breaks preimage resistance for 46 out of 80 rounds of SHA-512, and 41 out of 64 rounds of SHA-256.[1] Collision attacks against up to 24 steps of SHA-256

and

There are two meet-in-the-middle preimage attacks against SHA-2 with a reduced number of rounds. The first one attacks 41-round SHA-256 out of 64 rounds with time complexity of 2253.5 and space complexity of 216, and 46-round SHA-512 out of 80 rounds with time 2511.5 and space 23. The second one attacks 42-round SHA-256 with time complexity of 2251.7 and space complexity of 212, and 42-round SHA-512 with time 2502 and space 222.

So yes, it's weakened, but it's nowhere near useless yet. And I haven't found any attacks specific to dealing with input length extension.