![âą SHA is based on the hash function MD4 and its design closely models
MD4. SHA-1 produces a hash value of 160 bits.
âą In 2005, a research team described an attack in which two separate
messages could be found that deliver the same SHA-1 hash using
2^69 operations, far fewer than the 2^80 operations previously
thought needed to find a collision with an SHA-1 hash [WANG05].
âą This result has hastened the transition to newer, longer versions of
SHA.](https://image.slidesharecdn.com/informationandnetworksecurity39securehashalgorithm-210723174039/85/Information-and-network-security-39-secure-hash-algorithm-4-320.jpg)
Information and network security 39 secure hash algorithm
- 1. Information and Network Security:39 Secure Hash Algorithm (SHA) Prof Neeraj Bhargava Vaibhav Khanna Department of Computer Science School of Engineering and Systems Sciences Maharshi Dayanand Saraswati University Ajmer
- 2. Secure Hash Algorithm ïSHA originally designed by NIST & NSA in 1993 ïwas revised in 1995 as SHA-1 ïUS standard for use with DSA signature scheme ïŹstandard is FIPS 180-1 1995, also Internet RFC3174 ïŹnb. the algorithm is SHA, the standard is SHS ïbased on design of MD4 with key differences ïproduces 160-bit hash values ïrecent 2005 results on security of SHA-1 have raised concerns on its use in future applications
- 3. Secure Hash Algorithm âą In recent years, the most widely used hash function has been the Secure Hash Algorithm (SHA). âą The Secure Hash Algorithm (SHA) was developed by the National Institute of Standards and Technology (NIST) and published as a federal information processing standard (FIPS 180) in 1993; a revised version was issued as FIPS 180-1 in 1995 and is generally referred to as SHA-1. âą The actual standards document is entitled Secure Hash Standard.
- 4. âą SHA is based on the hash function MD4 and its design closely models MD4. SHA-1 produces a hash value of 160 bits. âą In 2005, a research team described an attack in which two separate messages could be found that deliver the same SHA-1 hash using 2^69 operations, far fewer than the 2^80 operations previously thought needed to find a collision with an SHA-1 hash [WANG05]. âą This result has hastened the transition to newer, longer versions of SHA.
- 5. Revised Secure Hash Standard ïNIST issued revision FIPS 180-2 in 2002 ïadds 3 additional versions of SHA ïŹSHA-256, SHA-384, SHA-512 ïdesigned for compatibility with increased security provided by the AES cipher ïstructure & detail is similar to SHA-1 ïhence analysis should be similar ïbut security levels are rather higher
- 6. Revised Secure Hash Standard âą In 2002, NIST produced a revised version of the standard, FIPS 180-2, that defined three new versions of SHA, with hash value lengths of 256, 384, and 512 bits, known as SHA-256, SHA-384, and SHA-512. âą Collectively, these hash algorithms are known as SHA-2. These new versions have the same underlying structure and use the same types of modular arithmetic and logical binary operations as SHA-1, hence analyses should be similar. âą A revised document was issued as FIP PUB 180-3 in 2008, which added a 224-bit version. SHA-2 is also specified in RFC 4634, which essentially duplicates the material in FIPS 180-3, but adds a C code implementation. âą In 2005, NIST announced the intention to phase out approval of SHA-1 and move to a reliance on the other SHA versions by 2010.
- 7. SHA Versions SHA-1 SHA-224 SHA-256 SHA-384 SHA-512 Message digest size 160 224 256 384 512 Message size < 264 < 264 < 264 < 2128 < 2128 Block size 512 512 512 1024 1024 Word size 32 32 32 64 64 Number of steps 80 64 64 80 80
- 9. SHA-512 Compression Function ïheart of the algorithm ïprocessing message in 1024-bit blocks ïconsists of 80 rounds ïŹupdating a 512-bit buffer ïŹusing a 64-bit value Wt derived from the current message block ïŹand a round constant based on cube root of first 80 prime numbers
- 10. SHA-512 Compression Function âą The SHA-512 Compression Function is the heart of the algorithm. In this Step 4, it processes the message in 1024-bit (128-word) blocks, using a module that consists of 80 rounds, labeled F in Stallings Figure âą Each round takes as input the 512-bit buffer value, and updates the contents of the buffer. âą At input to the first round, the buffer has the value of the intermediate hash value. âą Each round t makes use of a 64-bit value Wt derived using a message schedule from the current 1024-bit block being processed. âą
- 11. SHA-512 Compression Function âą Each round also makes use of an additive constant Kt, based on the fractional parts of the cube roots of the first eighty prime numbers. âą The constants provide a ârandomizedâ set of 64-bit patterns, which should eliminate any regularities in the input data. âą The output of the eightieth round is added to the input to the first round to produce the final hash value for this message block, which forms the input to the next iteration of this compression function, as shown on the previous slide.
- 14. Assignment âą What is Secure Hash Algorithm SHA âą In SHA-512, what is the minimum and maximum number of padding bits that can be added to a message