Secure Hash Algorithm

From Wikipedia, the free encyclopedia
  (Redirected from SHA family)
Jump to: navigation, search

The Secure Hash Algorithm is a family of cryptographic hash functions published by the National Institute of Standards and Technology (NIST) as a U.S. Federal Information Processing Standard (FIPS), including:

  • SHA-0: A retronym applied to the original version of the 160-bit hash function published in 1993 under the name "SHA". It was withdrawn shortly after publication due to an undisclosed "significant flaw" and replaced by the slightly revised version SHA-1.
  • SHA-1: A 160-bit hash function which resembles the earlier MD5 algorithm. This was designed by the National Security Agency (NSA) to be part of the Digital Signature Algorithm. Cryptographic weaknesses were discovered in SHA-1, and the standard was no longer approved for most cryptographic uses after 2010.
  • SHA-2: A family of two similar hash functions, with different block sizes, known as SHA-256 and SHA-512. They differ in the word size; SHA-256 uses 32-bit words where SHA-512 uses 64-bit words. There are also truncated versions of each standard, known as SHA-224 and SHA-384. These were also designed by the NSA.
  • SHA-3: A hash function formerly called Keccak, chosen in 2012 after a public competition among non-NSA designers. It supports the same hash lengths as SHA-2, and its internal structure differs significantly from the rest of the SHA family.

The corresponding standards are FIPS PUB 180 (original SHA), FIPS PUB 180-1 (SHA-1), FIPS PUB 180-2 (SHA-1, SHA-256, SHA-384, and SHA-512). NIST has updated Draft FIPS Publication 202, SHA-3 Standard separate from the Secure Hash Standard (SHS).

Comparison of SHA functions[edit]

In the table below, internal state means the "internal hash sum" after each compression of a data block.

Further information: Merkle–Damgård construction
Comparison of SHA functions [edit]
Algorithm and variant Output size
(bits)
Internal state size
(bits)
Block size
(bits)
Max message size
(bits)
Rounds Operations Security
(bits)
Example Performance[2]
(MiB/s)
MD5 (as reference) 128 128
(4 × 32)
512 264 − 1 64 And, Xor, Rot,
Add (mod 232),
Or
<64
(collisions found)
335
SHA-0 160 160
(5 × 32)
512 264 − 1 80 And, Xor, Rot,
Add (mod 232),
Or
<80
(collisions found)
-
SHA-1 160 160
(5 × 32)
512 264 − 1 80 <80
(theoretical attack[3] in 261)
192
SHA-2 SHA-224
SHA-256
224
256
256
(8 × 32)
512 264 − 1 64 And, Xor, Rot,
Add (mod 232),
Or, Shr
112
128
139
SHA-384
SHA-512
SHA-512/224
SHA-512/256
384
512
224
256
512
(8 × 64)
1024 2128 − 1 80 And, Xor, Rot,
Add (mod 264),
Or, Shr
192
256
112
128
154
SHA-3 SHA3-224
SHA3-256
SHA3-384
SHA3-512
224
256
384
512
1600
(5 × 5 × 64)
1152
1088
832
576
24 And, Xor, Rot,
Not
112
128
192
256
-
SHAKE128
SHAKE256
d (arbitrary)
d (arbitrary)
1088
576
min (d/2, 128)
min (d/2, 256)
-


References[edit]

  1. ^ "Crypto++ 5.6.0 Benchmarks". Retrieved 2013-06-13. 
  2. ^ Found on an AMD Opteron 8354 2.2 GHz processor running 64-bit Linux[1]
  3. ^ "Cryptanalysis of MD5 & SHA-1" (PDF). Retrieved 2013-04-25.