RIPEMD-160 has a 160-bit or 20-byte hash value while SHA-256 has a 256-bit or 32-byte. So RIPEMD-160 is used for it's shorter hash. However, SHA-1 also produces a 160-bit hash. RIPEMD-160 is a less popular algorithm but in fact achieves exactly the same as SHA-1 does.

RIPEMD was used because it produces the shortest hashes whose uniqueness is still sufficiently assured. This allows Bitcoin addresses to be shorter. SHA256 is used as well because Bitcoin's use of a hash of a public key might create unique weaknesses due to unexpected interactions between RIPEMD and ECDSA (the public key signature algorithm).

But an additional RIPEMD does protect against possible weakness in SHA256 since addresses are hashed with SHA256 and RIPEMD160. – Jonas Schnelli Commented Apr 27, 2018 at 20:10

Aug 20, 2021 · Why was the RIPEMD-160 hash algorithms chosen before SHA-1? 1 Can a brainwallet passphrase be derived if an attacker has obtained the private keys of an empty wallet.dat file?

Mar 26, 2013 · Bitcoin uses SHA256 followed by RIPEMD-160, which I'll collectively call HASH160. Good hashes have 4 properties: it is easy to compute the hash value for any given message ; it is infeasible to generate a message that has a given hash; it is infeasible to modify a message without changing the hash

Nov 7, 2022 · Stack Exchange Network. Stack Exchange network consists of 183 Q&A communities including Stack Overflow, the largest, most trusted online community for developers to learn, share their knowledge, and build their careers.

Aug 11, 2014 · Stack Exchange Network. Stack Exchange network consists of 183 Q&A communities including Stack Overflow, the largest, most trusted online community for developers to learn, share their knowledge, and build their careers.

As Bitcoin vanity pools become more popular, the possibility of using that power to derive another person's Base58 public key hash becomes slightly more likely.

Dec 9, 2017 · I came to know that for generating addresses Bitcoin uses RIPEMD-160(SHA-256). But most of the Bitcoin Addresses are 25 to 34 Bytes(characters) long & starts with 1 or 3. How is this possible? Is there any underlying Encryption algorithm is there along with Hashing functions like RIPEMD & SHA?

My understanding is that Base58Checked is always 34 bytes long, and isn't going to be less than 34 bytes even if the first or last bytes of the RipeMD are zero. If this statement isn't true, then none of the following question matters. Short question. What should the Base58Checked address be for the following public key?