SHA-2

SHA-2 (from English secure hash algorithm) is the name given to the four cryptographic hash functions SHA-224, SHA-256, SHA-384 and SHA-512, which were standardized in 2001 by the U.S. NIST as the successor to SHA-1.

History

In response to the attacks on SHA-1 that had become known, the National Institute of Standards and Technology (NIST) held a workshop in October 2005 at which the current state of cryptographic hash functions was discussed. NIST recommends the transition from SHA-1 to the hash functions of the SHA-2 family (SHA-224, SHA-256, SHA-384, SHA-512). To obtain a hash function with a different design principle, NIST organized a competition for SHA-3, modeled on the one for the Advanced Encryption Standard (AES). The final selection fell on the Keccak algorithm in October 2012. SHA-2, however, is still considered secure and is recommended for use.

Operation

In August 2002 NIST published the first three versions of the algorithm, SHA-256, SHA-384 and SHA-512, where the appended number indicates the length of the hash value in bits. With SHA-384 and SHA-512, data up to a size of 2^128 bits can (theoretically) be processed. In practice, however, files of more than 2^64 bits are unrealistic. In February 2004 another version, SHA-224, was published.

To generate the hash value with SHA-256, the source data is divided into 512-bit blocks, each consisting of 16 32-bit words, and processed iteratively with 64 constants and six logical functions. The computation starts from an initial hash of eight 32-bit words. For these, the first 32 bits of the fractional parts of the square roots of the first eight prime numbers (2 to 19) are used.

SHA-224 uses exactly the same algorithm, but the initial hash is set to eight different values (bits 33 to 64 of the fractional parts of the square roots of the prime numbers from 23 onward). In the final result, the eighth 32-bit word is simply discarded.

SHA-512 works with 1024-bit blocks and a word length of 64 bits. It uses 80 64-bit constants and six logical functions. The initial hash consists of eight 64-bit values; here too the fractional parts of the square roots of the first eight prime numbers are used.

SHA-384 uses the same algorithm. The initial hash, however, is computed from the 64 fractional bits of the square roots of the following primes (23, 29, etc.). Only the first six 64-bit words are taken from the result at the end.

SHA-1 and SHA-256 are also the basis for the block cipher SHACAL.

Example hashes

The hash of a string of zero length is:

SHA224("") = d14a028c2a3a2bc9476102bb288234c415a2b01f828ea62ac5b3e42f
SHA256("") = e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA384("") = 38b060a751ac96384cd9327eb1b1e36a21fdb71114be07434c0cc7bf63f6e1da274edebfe76f65fbd51ad2f14898b95b
SHA512("") = cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

A small change in the message generates a completely different hash. In cryptography this property is referred to as the avalanche effect.

SHA224("Franz jagt im komplett verwahrlosten Taxi quer durch Bayern") = 49b08defa65e644cbf8a2dd9270bdededabc741997d1dadd42026d7b
SHA224("Frank jagt im komplett verwahrlosten Taxi quer durch Bayern") = 58911e7fccf2971a7d07f93162d8bd13568e71aa8fc86fc1fe9043d1
SHA256("Franz jagt im komplett verwahrlosten Taxi quer durch Bayern") = d32b568cd1b96d459e7291ebf4b25d007f275c9f13149beeb782fac0716613f8
SHA256("Frank jagt im komplett verwahrlosten Taxi quer durch Bayern") = 78206a866dbb2bf017d8e34274aed01a8ce405b69d45db30bafa00f5eeed7d5e
SHA384("Franz jagt im komplett verwahrlosten Taxi quer durch Bayern") = 71e8383a4cea32d6fd6877495db2ee353542f46fa44bc23100bca48f3366b84e809f0708e81041f427c6d5219a286677
SHA384("Frank jagt im komplett verwahrlosten Taxi quer durch Bayern") = ef9cd8873a92190f68a85edccb823649e3018ab4da3aeff54215187c0972f7d77922c72f7c0d90fca01cf3e46af664d2
SHA512("Franz jagt im komplett verwahrlosten Taxi quer durch Bayern") = af9ed2de700433b803240a552b41b5a472a6ef3fe1431a722b2063c75e9f07451f67a28e37d09cde769424c96aea6f8971389db9e1993d6c565c3c71b855723c
SHA512("Frank jagt im komplett verwahrlosten Taxi quer durch Bayern") = 90b30ef9902ae4c4c691d2d78c2f8fa0aa785afbc5545286b310f68e91dd2299c84a2484f0419fc5eaa7de598940799e1091c4948926ae1c9488dddae180bb80

Specifications

  • RFC 4634, U.S. Secure Hash Algorithms (SHA and HMAC-SHA) (July 2006)
  • RFC 6234, U.S. Secure Hash Algorithms (SHA and SHA-based HMAC and HKDF) (May 2011)