
It's pretty straightforward.

SHA-2 works by, after padding the message and appending the message's length, breaking the message into chunks. It sets up an initial state, and then sequentially iterates over the chunks updating the state as it goes. At the end, your state is your hash.

In other words:

   state = INITIAL_STATE            # the fixed initial value (IV)
   for chunk in chunks:             # fixed-size blocks of the padded message
      state = SHA2(state, chunk)    # the compression function
   
   hash = state                     # the digest is simply the final state

So it's easy to see that an attacker can take that hash and keep running iterations after the fact.

Truncated SHA-2 variants are immune because attackers aren't given state; they're given only a piece of state. They have no way of knowing the rest of state, so they can't continue iterating.
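As an added illustration of the loop the comment describes (example code written for this page, not taken from the comment or any library): a small pure-Python SHA-256/SHA-224 whose `sha2()` is literally `state = compress(state, chunk)` over padded chunks. Because a SHA-256 digest is the whole state, `extend()` resumes the loop from a digest knowing only the original message length, which is why H(secret || m) is not a MAC; a 28-byte SHA-224 digest does not unpack into the eight state words, so the same function cannot resume from it. The `constructed-secret` value in the usage is a made-up sample input.

```python
import struct
M32 = 0xFFFFFFFF
rotr = lambda x, n: ((x >> n) | (x << (32 - n))) & M32

def frac_bits(p, root, shift=32):
    # floor(p**(1/root) * 2**shift) mod 2**32 via exact integer roots (FIPS 180-4 constants).
    n = p << (root * shift)
    x = int(round(n ** (1.0 / root)))
    while x ** root > n: x -= 1
    while (x + 1) ** root <= n: x += 1
    return x & M32

PRIMES = [p for p in range(2, 312) if all(p % q for q in range(2, p))]  # first 64 primes
H0 = [frac_bits(p, 2) for p in PRIMES[:8]]            # SHA-256 IV: sqrt of primes 1..8
H0_224 = [frac_bits(p, 2, 64) for p in PRIMES[8:16]]  # SHA-224 IV: 2nd 32 bits, primes 9..16
K = [frac_bits(p, 3) for p in PRIMES]                 # round constants: cbrt of primes 1..64

def compress(st, block):
    # One "state = SHA2(state, chunk)" step of the comment's loop (FIPS 180-4 section 6.2.2).
    w = list(struct.unpack(">16L", block))
    for i in range(16, 64):
        s0 = rotr(w[i - 15], 7) ^ rotr(w[i - 15], 18) ^ (w[i - 15] >> 3)
        s1 = rotr(w[i - 2], 17) ^ rotr(w[i - 2], 19) ^ (w[i - 2] >> 10)
        w.append((w[i - 16] + s0 + w[i - 7] + s1) & M32)
    a, b, c, d, e, f, g, h = st
    for i in range(64):
        t1 = (h + (rotr(e, 6) ^ rotr(e, 11) ^ rotr(e, 25)) + ((e & f) ^ (~e & g)) + K[i] + w[i]) & M32
        t2 = ((rotr(a, 2) ^ rotr(a, 13) ^ rotr(a, 22)) + ((a & b) ^ (a & c) ^ (b & c))) & M32
        a, b, c, d, e, f, g, h = (t1 + t2) & M32, a, b, c, (d + t1) & M32, e, f, g
    return [(x + y) & M32 for x, y in zip(st, (a, b, c, d, e, f, g, h))]

def padding(total_len):
    # Merkle-Damgard strengthening: 0x80, zeros up to 56 mod 64, then the bit length.
    return b"\x80" + b"\x00" * ((55 - total_len) % 64) + struct.pack(">Q", total_len * 8)

def sha2(msg, state, prior_len=0):
    # The comment's loop; state is the IV or a digest-recovered state that already absorbed prior_len bytes.
    data = msg + padding(prior_len + len(msg))
    for i in range(0, len(data), 64):
        state = compress(state, data[i:i + 64])
    return struct.pack(">8L", *state)

def sha256(msg): return sha2(msg, list(H0))
def sha224(msg): return sha2(msg, list(H0_224))[:28]  # same engine, own IV, 4 words dropped

def extend(digest, known_len, suffix):
    # Resume the loop from a published SHA-256 digest knowing only len(X): the 32-byte
    # digest is the whole state. A 28-byte SHA-224 digest will not unpack into 8 words.
    glue = padding(known_len)                   # the pad the original computation absorbed
    state = list(struct.unpack(">8L", digest))
    return glue + suffix, sha2(suffix, state, known_len + len(glue))
```

Usage: `x = b"constructed-secret|user=alice"; appended, forged = extend(sha256(x), len(x), b"|appended")` gives `forged == sha256(x + appended)` without ever touching the secret, while `extend(sha224(x), ...)` raises `struct.error`.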
