Secure Hash Algorithm (SHA Hash)

The Secure Hash Algorithm, or SHA Hash, is published by the National Institute of Standards and Technology (NIST) as a U.S. Federal Information Processing Standard - FIPS PUB 180-3, which specifies three flavors of the SHA Algorithm:

SHA-0: No longer used.

SHA-1: The most widely used version

SHA-2: Comes in four different variants: SHA-224, SHA-256, SHA-384, and SHA-512

When a message of any length less than 2^64 bits (SHA-1, SHA-224, and SHA-256) or less than 2^128 bits (SHA-384 and SHA-512) is input to a hash algorithm, the result is an output called a message digest. The message digests range in length from 160 to 512 bits, depending on the algorithm.

The five hash algorithms specified in this standard are called secure because, for a given algorithm, it is computationally infeasible to find a message that corresponds to a given message digest, or to find two different messages that produce the same message digest. Any change to a message will, with a high probability, result in a different message digest. This will result in a verification failure when the secure hash algorithm is used with a digital signature algorithm or a keyed-hash message authentication algorithm.
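The properties described above can be checked directly. The following Python sketch is an added example, not part of the original text: it reports the digest length of each of the five algorithms, counts how many digest bits change after a one-bit edit to a message, and shows a keyed-hash MAC (HMAC) failing verification on the edited message. The helper names, key, and message are constructed for illustration.

```python
import hashlib
import hmac

# The five algorithms named in the text, by their hashlib names.
ALGORITHMS = ("sha1", "sha224", "sha256", "sha384", "sha512")


def digest_lengths():
    """Map each algorithm to its message digest length in bits."""
    return {name: hashlib.new(name).digest_size * 8 for name in ALGORITHMS}


def flip_bit(message: bytes, bit_index: int) -> bytes:
    """Return a copy of message with exactly one bit inverted."""
    changed = bytearray(message)
    changed[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(changed)


def differing_bits(name: str, a: bytes, b: bytes) -> int:
    """Count the bit positions where the digests of a and b differ."""
    da = int.from_bytes(hashlib.new(name, a).digest(), "big")
    db = int.from_bytes(hashlib.new(name, b).digest(), "big")
    return bin(da ^ db).count("1")


def make_tag(key: bytes, message: bytes, name: str = "sha256") -> bytes:
    """Keyed-hash message authentication code (HMAC) over message."""
    return hmac.new(key, message, name).digest()


def verify_tag(key: bytes, message: bytes, tag: bytes, name: str = "sha256") -> bool:
    """Recompute the HMAC and compare it to tag in constant time."""
    return hmac.compare_digest(make_tag(key, message, name), tag)


if __name__ == "__main__":
    # Constructed sample inputs (hypothetical key and message).
    key = b"constructed-demo-key"
    original = b"transfer 100 to account 12345"
    tampered = flip_bit(original, 0)

    for name, bits in digest_lengths().items():
        changed = differing_bits(name, original, tampered)
        print(f"{name:7s} {bits:3d}-bit digest, {changed} bits differ after a 1-bit edit")

    tag = make_tag(key, original)
    print("original verifies:", verify_tag(key, original, tag))
    print("tampered verifies:", verify_tag(key, tampered, tag))
```

On a one-bit edit, roughly half of the digest bits typically change, which is why the recomputed HMAC no longer matches the stored tag.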

Types of SHA

Of the three flavors, I’m going to concentrate on the variants of SHA: SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512. Following is an informative overview, without getting too deep into the weeds. All of these are cryptographic hash functions designed by the National Security Agency (NSA) and published by NIST.

SHA-1

The original specification of the algorithm was published in 1993 in FIPS PUB 180-1. This is the most widely used of the existing SHA hash functions and is employed in several widely used security applications and protocols, such as Transport Layer Security (TLS), Secure Sockets Layer (SSL), Pretty Good Privacy (PGP), Secure Shell (SSH), Secure/Multipurpose Internet Mail Extensions (S/MIME), and Internet Protocol Security (IPsec). SHA-1 hashing is also used in distributed revision control systems such as Arch, Mercurial, Monotone, and BitKeeper to identify revisions and detect data corruption or tampering. And, yes, even when you’re at home enjoying some guilty pleasure of killing a complete stranger over the Internet through your Nintendo or trying to stay fit using your Wii, the SHA-1 hash is being used for signature verification during your boot process.

SHA-2

In August 2001, NIST published FIPS PUB 180-2, introducing SHA-2 to the general populace. SHA-2 includes a significant number of changes from its predecessor, SHA-1. SHA-2 is a family of four similar hash functions with differing digest lengths, known as SHA-224, SHA-256, SHA-384, and SHA-512. These algorithms are collectively known as SHA-2. Vulnerabilities were found in SHA-1 in 2005, but these same attacks have not been extended to SHA-2 or its variants.

Like its predecessor, the SHA-2 hash function has been implemented in TLS and SSL, PGP, SSH, S/MIME, and IPsec. However, SHA-2 implementation is not as widely used as SHA-1, despite its better security. Reasons vary: lack of support on Microsoft systems older than Windows XP SP2, a lack of urgency, or perhaps even waiting for SHA-3 to come around (see the note). Currently, SHA-256 is used for authentication on certain Linux packages; SHA-512 is also a part of an authentication system for archival video from the International Criminal Tribunal of the Rwandan genocide. UNIX and Linux vendors are pushing for use of the SHA-256 and SHA-512 for secure password hashing.


Note

SHA-3: Now I know you are saying to yourself, he didn’t mention it beforehand, and you’re right. SHA-3 is a new hash standard currently under development. There is an ongoing NIST hash function competition that is scheduled to select a winning function in 2012. The new SHA-3 algorithm will not be derived from SHA-2.

