SHA-2
SHA-2 (from English secure hash algorithm) is the name given to the four cryptographic hash functions SHA-224, SHA-256, SHA-384 and SHA-512, which were standardized in 2001 by the U.S. NIST as the successor to SHA-1.
History
In response to the attacks against SHA-1 that had become known, the National Institute of Standards and Technology (NIST) held a workshop in October 2005 at which the current state of cryptographic hash functions was discussed. NIST recommends the transition from SHA-1 to the hash functions of the SHA-2 family (SHA-224, SHA-256, SHA-384, SHA-512). To obtain a hash function with a different design principle, NIST announced a competition for SHA-3, modeled on the one held for the Advanced Encryption Standard (AES). The final selection in October 2012 fell on the algorithm Keccak. SHA-2 is nevertheless still considered secure and recommended for use.
Operation
In August 2002 NIST published the first three versions of the algorithm, SHA-256, SHA-384 and SHA-512, where the appended number indicates the length of the hash value in bits. With SHA-384 and SHA-512, data up to a size of 2^128 bits can (theoretically) be processed. In practice, however, files with more than 2^64 bits are unrealistic. In February 2004 another version, SHA-224, was published.
To generate the hash value with SHA-256, the source data is divided into 512-bit blocks, i.e. sixteen 32-bit words each, and processed iteratively with 64 constants and six logical functions. The computation starts with an initial hash of eight 32-bit words. For these, the first 32 bits of the fractional part of the square roots of the first eight prime numbers (2 to 19) are used.
For SHA-224 exactly the same algorithm is used, but the initial hash is set to eight different values (bits 33 to 64 of the fractional part of the square roots of the prime numbers from 23 onward). In the final result, the eighth 32-bit word is simply discarded.
SHA-512 works with 1024-bit blocks and a word length of 64 bits. It uses 80 64-bit constants and six logical functions. The initial hash consists of eight 64-bit values; here, too, the fractional parts of the square roots of the first eight prime numbers are used.
For SHA-384 the same algorithm applies. The initial hash, however, is computed from the 64 fractional bits of the square roots of the following primes (23, 29, etc.). Only the first six 64-bit words of the final result are kept.
SHA-1 and SHA-256 are also the basis for the block cipher SHACAL.
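An added example (not code from the original article): a from-scratch SHA-256/SHA-224 in Python that derives the initial hash values from the square roots of primes as described above, so the "same algorithm, different initial hash, eighth word discarded" relationship can be checked directly. The round-constant rule (cube roots of the first 64 primes) is taken from FIPS 180-4, not from this page, and all names are illustrative.

```python
import struct
from math import isqrt

M = 0xFFFFFFFF  # 32-bit word mask
P = [p for p in range(2, 312) if all(p % d for d in range(2, isqrt(p) + 1))]  # first 64 primes

def icbrt(n):
    """Integer cube root via Newton iteration, starting from an upper bound."""
    x = 1 << -(-n.bit_length() // 3)
    while (y := (2 * x + n // (x * x)) // 3) < x:
        x = y
    return x

# 64 fractional bits of sqrt(p): floor(sqrt(p) * 2^64) mod 2^64, for the first 16 primes
FRAC = [isqrt(p << 128) & (2**64 - 1) for p in P[:16]]
IV256 = [f >> 32 for f in FRAC[:8]]  # bits 1-32,  primes 2..19
IV224 = [f & M for f in FRAC[8:]]    # bits 33-64, primes 23..53
IV512 = FRAC[:8]                     # all 64 bits, primes 2..19
IV384 = FRAC[8:]                     # all 64 bits, primes 23..53
# Assumption from FIPS 180-4: 32 fractional bits of the cube roots of 64 primes
K = [icbrt(p << 96) & M for p in P]

def rotr(x, n):
    return ((x >> n) | (x << (32 - n))) & M

def _sha2_32(msg, iv, words):
    """Shared 32-bit compression loop; `words` output words are kept."""
    bitlen = 8 * len(msg)
    msg += b"\x80" + b"\0" * ((55 - len(msg)) % 64) + bitlen.to_bytes(8, "big")
    h = list(iv)
    for off in range(0, len(msg), 64):          # one 512-bit block per pass
        w = list(struct.unpack(">16I", msg[off:off + 64]))  # sixteen 32-bit words
        for i in range(16, 64):                 # message schedule (sigma0, sigma1)
            s0 = rotr(w[i-15], 7) ^ rotr(w[i-15], 18) ^ (w[i-15] >> 3)
            s1 = rotr(w[i-2], 17) ^ rotr(w[i-2], 19) ^ (w[i-2] >> 10)
            w.append((w[i-16] + s0 + w[i-7] + s1) & M)
        a, b, c, d, e, f, g, hh = h
        for i in range(64):                     # Sigma1, Ch, Sigma0, Maj
            t1 = hh + (rotr(e, 6) ^ rotr(e, 11) ^ rotr(e, 25)) + ((e & f) ^ (~e & g)) + K[i] + w[i]
            t2 = (rotr(a, 2) ^ rotr(a, 13) ^ rotr(a, 22)) + ((a & b) ^ (a & c) ^ (b & c))
            a, b, c, d, e, f, g, hh = (t1 + t2) & M, a, b, c, (d + t1) & M, e, f, g
        h = [(x + y) & M for x, y in zip(h, (a, b, c, d, e, f, g, hh))]
    return struct.pack(f">{words}I", *h[:words]).hex()

def sha256(msg):
    return _sha2_32(msg, IV256, 8)

def sha224(msg):
    return _sha2_32(msg, IV224, 7)  # eighth 32-bit word discarded
```

The low halves of the SHA-384 initial values are exactly the SHA-224 initial values, which is what "bits 33 to 64" means in practice.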
Example hashes
The hash of a string of zero length is:
SHA224("") = d14a028c2a3a2bc9476102bb288234c415a2b01f828ea62ac5b3e42f
SHA256("") = e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA384("") = 38b060a751ac96384cd9327eb1b1e36a21fdb71114be07434c0cc7bf63f6e1da274edebfe76f65fbd51ad2f14898b95b
SHA512("") = cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

A small change in the message generates a completely different hash. This property is referred to in cryptography as the avalanche effect.

SHA224("Franz jagt im komplett verwahrlosten Taxi quer durch Bayern") = 49b08defa65e644cbf8a2dd9270bdededabc741997d1dadd42026d7b
SHA224("Frank jagt im komplett verwahrlosten Taxi quer durch Bayern") = 58911e7fccf2971a7d07f93162d8bd13568e71aa8fc86fc1fe9043d1
SHA256("Franz jagt im komplett verwahrlosten Taxi quer durch Bayern") = d32b568cd1b96d459e7291ebf4b25d007f275c9f13149beeb782fac0716613f8
SHA256("Frank jagt im komplett verwahrlosten Taxi quer durch Bayern") = 78206a866dbb2bf017d8e34274aed01a8ce405b69d45db30bafa00f5eeed7d5e
SHA384("Franz jagt im komplett verwahrlosten Taxi quer durch Bayern") = 71e8383a4cea32d6fd6877495db2ee353542f46fa44bc23100bca48f3366b84e809f0708e81041f427c6d5219a286677
SHA384("Frank jagt im komplett verwahrlosten Taxi quer durch Bayern") = ef9cd8873a92190f68a85edccb823649e3018ab4da3aeff54215187c0972f7d77922c72f7c0d90fca01cf3e46af664d2
SHA512("Franz jagt im komplett verwahrlosten Taxi quer durch Bayern") = af9ed2de700433b803240a552b41b5a472a6ef3fe1431a722b2063c75e9f07451f67a28e37d09cde769424c96aea6f8971389db9e1993d6c565c3c71b855723c
SHA512("Frank jagt im komplett verwahrlosten Taxi quer durch Bayern") = 90b30ef9902ae4c4c691d2d78c2f8fa0aa785afbc5545286b310f68e91dd2299c84a2484f0419fc5eaa7de598940799e1091c4948926ae1c9488dddae180bb80
Specifications
- RFC 4634, U.S. Secure Hash Algorithms (SHA and HMAC-SHA) (July 2006)
- RFC 6234, U.S. Secure Hash Algorithms (SHA and SHA-based HMAC and HKDF) (May 2011)