SHA-2

from Wikipedia, the free encyclopedia

SHA-2 (from Secure Hash Algorithm) is the generic term for the cryptographic hash functions SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224 and SHA-512/256, standardized by the US National Institute of Standards and Technology (NIST) as the successor to SHA-1.

History

In August 2002 the versions SHA-256, SHA-384 and SHA-512 were presented. A fourth variant, SHA-224, followed in February 2004. In March 2012, the standard in FIPS PUB 180-4 was supplemented by the hash functions SHA-512/224 and SHA-512/256.

In reaction to the known attacks against SHA-1, NIST held a workshop in October 2005 in which the current status of cryptographic hash functions was discussed. NIST recommends moving from SHA-1 to hash functions from the SHA-2 family.

In order to obtain a hash function with a different construction principle, NIST organized a competition for SHA-3, modeled on the one held for the Advanced Encryption Standard (AES). The choice fell on the Keccak algorithm in October 2012. SHA-2 is still considered secure and recommended for use. This does not apply to SHA-224; see the recommendation by the Federal Office for Information Security (BSI).

Functionality

[Figure: Round function of SHA-224 and SHA-256. The variants with 64-bit words use the same round function, only with different rotation amounts.]

Like its predecessor SHA-1, SHA-2 is a Merkle-Damgård construction with a Davies-Meyer compression function. The message (the source data to be hashed) is first padded, with an encoding of the message length appended, and then divided into blocks of sixteen words each. The message blocks are processed one after the other (iteratively), each serving as the key for encrypting a data block of eight words. The data block is first initialized with constants. Each ciphertext is combined with the plaintext (by adding the words modulo or), which yields the next plaintext, which is then encrypted with the next message block. At the end, the hash value is taken from the data block.

The length of the key words and data words is 32 or 64 bits, depending on the variant. The smaller versions SHA-224 and SHA-256 use 32-bit words and divide the message into blocks of 512 bits. They encrypt in 64 rounds using four logical functions and a different constant for each round. With SHA-224, the eighth 32-bit word is omitted from the final result.

The other four variants use 64-bit words and 1024-bit message blocks and encrypt in 80 rounds, essentially with the same algorithm. 80 64-bit constants are used for this. The initial data block accordingly consists of eight 64-bit constants. For SHA-384 as well as SHA-512/224 and SHA-512/256, only an initial part of the result, 384, 224 or 256 bits respectively, is used as the hash value.

The constants are formed from the fractional parts of the square or cube roots of the first prime numbers. Each of the six variants initializes the data block with different constants.

With the 64-bit variants, data up to a size of 2^128 bits can theoretically be processed. In practice, however, files larger than 2^64 bits are unrealistic.

Example hashes

The hash of an empty string is:

SHA224("") =
d14a028c2a3a2bc9476102bb288234c415a2b01f828ea62ac5b3e42f
SHA256("") =
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA384("") =
38b060a751ac96384cd9327eb1b1e36a21fdb71114be07434c0cc7bf63f6e1da274edebfe76f65fbd51ad2f14898b95b
SHA512("") =
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

A small change in the message produces a completely different hash. This property is also known as the avalanche effect in cryptography.

SHA224("Franz jagt im komplett verwahrlosten Taxi quer durch Bayern") = 
49b08defa65e644cbf8a2dd9270bdededabc741997d1dadd42026d7b
SHA224("Frank jagt im komplett verwahrlosten Taxi quer durch Bayern") = 
58911e7fccf2971a7d07f93162d8bd13568e71aa8fc86fc1fe9043d1
SHA256("Franz jagt im komplett verwahrlosten Taxi quer durch Bayern") = 
d32b568cd1b96d459e7291ebf4b25d007f275c9f13149beeb782fac0716613f8
SHA256("Frank jagt im komplett verwahrlosten Taxi quer durch Bayern") = 
78206a866dbb2bf017d8e34274aed01a8ce405b69d45db30bafa00f5eeed7d5e
SHA384("Franz jagt im komplett verwahrlosten Taxi quer durch Bayern") = 
71e8383a4cea32d6fd6877495db2ee353542f46fa44bc23100bca48f3366b84e809f0708e81041f427c6d5219a286677
SHA384("Frank jagt im komplett verwahrlosten Taxi quer durch Bayern") = 
ef9cd8873a92190f68a85edccb823649e3018ab4da3aeff54215187c0972f7d77922c72f7c0d90fca01cf3e46af664d2
SHA512("Franz jagt im komplett verwahrlosten Taxi quer durch Bayern") = 
af9ed2de700433b803240a552b41b5a472a6ef3fe1431a722b2063c75e9f07451f67a28e37d09cde769424c96aea6f8971389db9e1993d6c565c3c71b855723c
SHA512("Frank jagt im komplett verwahrlosten Taxi quer durch Bayern") = 
90b30ef9902ae4c4c691d2d78c2f8fa0aa785afbc5545286b310f68e91dd2299c84a2484f0419fc5eaa7de598940799e1091c4948926ae1c9488dddae180bb80
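The avalanche effect can be measured rather than eyeballed. The following added example (not part of the original article) uses Python's `hashlib` to count how many digest bits differ between the two sample sentences above, and how many change on average when each single input bit is flipped in turn; for a good hash function both fractions are close to one half.

```python
import hashlib

FRANZ = b"Franz jagt im komplett verwahrlosten Taxi quer durch Bayern"
FRANK = b"Frank jagt im komplett verwahrlosten Taxi quer durch Bayern"

def bit_distance(x, y):
    """Number of bit positions in which two equal-length digests differ."""
    return sum(bin(a ^ b).count("1") for a, b in zip(x, y))

def pair_fraction(name, m1, m2):
    """Fraction of digest bits that differ between the hashes of m1 and m2."""
    d1, d2 = hashlib.new(name, m1).digest(), hashlib.new(name, m2).digest()
    return bit_distance(d1, d2) / (8 * len(d1))

def mean_flip_fraction(name, msg):
    """Flip every single input bit in turn; average fraction of output bits changed."""
    base = hashlib.new(name, msg).digest()
    total = 0
    for i in range(8 * len(msg)):
        flipped = bytearray(msg)
        flipped[i // 8] ^= 1 << (i % 8)
        total += bit_distance(base, hashlib.new(name, bytes(flipped)).digest())
    return total / (8 * len(msg) * 8 * len(base))

if __name__ == "__main__":
    for name in ("sha224", "sha256", "sha384", "sha512"):
        print(name,
              round(pair_fraction(name, FRANZ, FRANK), 3),
              round(mean_flip_fraction(name, FRANZ), 3))
```
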

Norms and standards

SHA-2 was first published by NIST itself ...

... and later also published as RFC:

  • RFC 4634 - (July 2006, first version, obsolete): US Secure Hash Algorithms (SHA and HMAC-SHA)
  • RFC 6234 - (May 2011, successor): US Secure Hash Algorithms (SHA and SHA-based HMAC and HKDF)

See also

The SHA-1 and SHA-256 algorithms are also the basis for the SHACAL block cipher.

References

  1. Federal Register Notice 2012-5400, Announcing Approval of FIPS Publication 180-4
  2. NIST Selects Winner of Secure Hash Algorithm (SHA-3) Competition. NIST, October 2, 2012, accessed on December 6, 2017 (English): "NIST considers SHA-2 to be secure and suitable for general use."
  3. Federal Office for Information Security Technical Guidelines - BSI TR-02102 Cryptographic Procedures: Recommendations and Key Lengths
  4. FIPS PUB 180-4 - Secure Hash Standard (SHS). (pdf) (No longer available online.) NIST, August 2015, archived from the original on November 26, 2016; accessed on December 6, 2017 (English, p. 11, para. 4.2.2 SHA-224 and SHA-256 Constants; p. 12, para. 4.2.3 SHA-384, SHA-512, SHA-512/224 and SHA-512/256 constants).