Professional Documents
Culture Documents
Sha 1
Sha 1
SHA Overview
1. pad message so its length is 448 mod 512
2. append a 64-bit length value to message
3. initialise 5-word (160-bit) buffer (A,B,C,D,E) to
(67452301,efcdab89,98badcfe,10325476,c3d2e1f0)
4. process message in 16-word (512-bit) chunks:
expand 16 words into 80 words by mixing & shifting
use 4 rounds of 20 bit operations on message block &
buffer
add output to input to form new buffer value
5. output hash value is the final buffer value
EXAMPLE
test' => SHA-1 =>
'a94a8fe5ccb19ba61c4c0873d391e987982fbbd3'
It should be true that only 'test' will result in
a94a8fe5ccb19ba61c4c0873d391e987982fbbd3 being
output.
Also, every time that anyone anywhere runs the word 'test'
through the SHA-1 function, they should always get:
a94a8fe5ccb19ba61c4c0873d391e987982fbbd3.
Finally, if I were to give you only hash value and tell you
that it came from the SHA-1, you should have absolutely no
way to figure out what was put into the function to create
that.
A Test
SHA-1 iteration
Cryptanaylsis of SHA-1
In 2005 three Chinese cryptographers showed that SHA-1 is not
collision-free. That is, they developed an algorithm for finding
collisions faster than brute force.
SHA-1 produces a 160-bit hash. That is, every message hashes
down to a 160-bit number. Given that there are an infinite number
of messages that hash to each possible value, there are an
infinite number of possible collisions. But because the number of
possible hashes is so large, the odds of finding one by chance is
negligibly small (one in 280, to be exact). If you hashed
280 random messages, you'd find one pair that hashed to the
same value. That's the "brute force" way of finding collisions,
They can find collisions in SHA-1 in 269 calculations, about 2,000
times faster than brute force,later improved to 2 63 operations.