Showing content from http://wikipedia.org/wiki/Secure_Hash_Algorithms below:
Secure Hash Algorithms - Wikipedia
From Wikipedia, the free encyclopedia
Family of cryptographic hash functions
The Secure Hash Algorithms are a family of cryptographic hash functions published by the National Institute of Standards and Technology (NIST) as a U.S. Federal Information Processing Standard (FIPS), including:
- SHA-0: A retronym applied to the original version of the 160-bit hash function published in 1993 under the name "SHA". It was withdrawn shortly after publication due to an undisclosed "significant flaw" and replaced by the slightly revised version SHA-1.
- SHA-1: A 160-bit hash function which resembles the earlier MD5 algorithm. This was designed by the National Security Agency (NSA) to be part of the Digital Signature Algorithm. Cryptographic weaknesses were discovered in SHA-1, and the standard was no longer approved for most cryptographic uses after 2010.
- SHA-2: A family of two similar hash functions, with different block sizes, known as SHA-256 and SHA-512. They differ in the word size; SHA-256 uses 32-bit words where SHA-512 uses 64-bit words. There are also truncated versions of each standard, known as SHA-224, SHA-384, SHA-512/224 and SHA-512/256. These were also designed by the NSA.
- SHA-3: A hash function formerly called Keccak, chosen in 2012 after a public competition among non-NSA designers. It supports the same hash lengths as SHA-2, and its internal structure differs significantly from the rest of the SHA family.
The corresponding standards are FIPS PUB 180 (original SHA), FIPS PUB 180-1 (SHA-1), FIPS PUB 180-2 (SHA-1, SHA-256, SHA-384, and SHA-512). NIST has updated Draft FIPS Publication 202, SHA-3 Standard separate from the Secure Hash Standard (SHS).
Comparison of SHA functions[edit]
In the table below, internal state means the "internal hash sum" after each compression of a data block.
Comparison of SHA functions
Algorithm and variant Output size
(bits) Internal
state size
(bits) Block size
(bits) Rounds Operations Security against collision attacks
(bits) Security against length extension attacks
(bits) Performance on Skylake (median cpb)[1] First published Long messages 8 bytes MD5 (as reference) 128 128
(4 × 32) 512 4
(16 operations in each round) And, Xor, Or, Rot, Add (mod 232) ≤ 18
(collisions found)[2] 0 4.99 55.00 1992 SHA-0 160 160
(5 × 32) 512 80 And, Xor, Or, Rot, Add (mod 232) < 34
(collisions found) 0 ≈ SHA-1 ≈ SHA-1 1993 SHA-1 < 63
(collisions found)[3] 3.47 52.00 1995 SHA-2 SHA-224
SHA-256 224
256 256
(8 × 32) 512 64 And, Xor, Or,
Rot, Shr, Add (mod 232) 112
128 32
0 7.62
7.63 84.50
85.25 2004
2001 SHA-384 384 512
(8 × 64) 1024 80 And, Xor, Or,
Rot, Shr, Add (mod 264) 192 128 5.12 135.75 2001 SHA-512 512 256 0[4] 5.06 135.50 2001 SHA-512/224
SHA-512/256 224
256 112
128 288
256 ≈ SHA-384 ≈ SHA-384 2012 SHA-3 SHA3-224
SHA3-256
SHA3-384
SHA3-512 224
256
384
512 1600
(5 × 5 × 64) 1152
1088
832
576 24[5] And, Xor, Rot, Not 112
128
192
256 448
512
768
1024 8.12
8.59
11.06
15.88 154.25
155.50
164.00
164.00 2015 SHAKE128
SHAKE256 d (arbitrary)
d (arbitrary) 1344
1088 min(d/2, 128)
min(d/2, 256) 256
512 7.08
8.59 155.25
155.50
All SHA-family algorithms, as FIPS-approved security functions, are subject to official validation by the CMVP (Cryptographic Module Validation Program), a joint program run by the American National Institute of Standards and Technology (NIST) and the Canadian Communications Security Establishment (CSE).
- ^ "Measurements table". bench.cr.yp.to.
- ^ Tao, Xie; Liu, Fanbao; Feng, Dengguo (2013). Fast Collision Attack on MD5 (PDF). Cryptology ePrint Archive (Technical report). IACR.
- ^ Stevens, Marc; Bursztein, Elie; Karpman, Pierre; Albertini, Ange; Markov, Yarik. The first collision for full SHA-1 (PDF) (Technical report). Google Research.
- Marc Stevens; Elie Bursztein; Pierre Karpman; Ange Albertini; Yarik Markov; Alex Petit Bianco; Clement Baisse (February 23, 2017). "Announcing the first SHA1 collision". Google Security Blog.
- ^ Without truncation, the full internal state of the hash function is known, regardless of collision resistance. If the output is truncated, the removed part of the state must be searched for and found before the hash function can be resumed, allowing the attack to proceed.
- ^ "The Keccak sponge function family". Retrieved 2016-01-27.
RetroSearch is an open source project built by @garambo
| Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.3