SHA-2 (Secure Hash Algorithm 2) is a set of cryptographic hash functions designed by the United States National Security Agency (NSA) and first published in 2001. They are built using the Merkle–Damgård construction, from a one-way compression function itself built using the Davies–Meyer structure from a specialized block cipher.

SHA-2 includes significant changes from its predecessor, SHA-1. SHA-256 and SHA-512 are novel hash functions computed with eight 32-bit and 64-bit words, respectively. They use different shift amounts and additive constants, but their structures are otherwise virtually identical, differing only in the number of rounds. SHA-224 and SHA-384 are truncated versions of SHA-256 and SHA-512 respectively, computed with different initial values. SHA-512/224 and SHA-512/256 are also truncated versions of SHA-512, but the initial values are generated using the method described in Federal Information Processing Standards (FIPS) PUB 180-4.

SHA-2 was first published by the National Institute of Standards and Technology (NIST) as a U.S. The SHA-2 family of algorithms is patented in the U.S. The United States has released the patent under a royalty-free license.

As of 2011, the best public attacks break preimage resistance for 52 out of 64 rounds of SHA-256 or 57 out of 80 rounds of SHA-512, and collision resistance for 46 out of 64 rounds of SHA-256.

Figure: One iteration in a SHA-2 family compression function. The blue components perform the following operations: Ch(E, F, G) = (E ∧ F) ⊕ (¬E ∧ G). Addition is modulo 2^32 for SHA-256, or 2^64 for SHA-512.

With the publication of FIPS PUB 180-2, NIST added three additional hash functions in the SHA family. The algorithms are collectively known as SHA-2, named after their digest lengths (in bits): SHA-256, SHA-384, and SHA-512. The algorithms were first published in 2001 in the draft FIPS PUB 180-2, at which time public review and comments were accepted. In August 2002, FIPS PUB 180-2 became the new Secure Hash Standard, replacing FIPS PUB 180-1, which was released in April 1995.

Merkle–Damgård construction with Davies–Meyer compression function. A 2011 attack breaks preimage resistance for 57 out of 80 rounds of SHA-512, and 52 out of 64 rounds for SHA-256. Pseudo-collision attack against up to 46 rounds of SHA-256. SHA-256 and SHA-512 are prone to length extension attacks. By guessing the hidden part of the state, length extension attacks on SHA-224 and SHA-384 succeed with probability 2^−(256−224) = 2^−32 > 2^−224 and 2^−(512−384) = 2^−128 > 2^−384 respectively.
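The following Python sketch is an added example, not code from the original page. It implements the 32-bit compression function with the Ch operation and addition modulo 2^32 described above, then shows that SHA-224 is the same function as SHA-256 with different initial values and a truncated output. The names `sha2_32`, `IV256` and `IV224` are hypothetical; the remaining round operations (Maj, the rotation amounts) and the derivation of the constants from prime roots follow FIPS PUB 180-4 and go beyond what the text states.

```python
import struct
from math import isqrt

M32 = 0xFFFFFFFF  # every addition below is taken modulo 2^32

def _primes(n):
    out, c = [], 2
    while len(out) < n:
        if all(c % p for p in out):
            out.append(c)
        c += 1
    return out

def _icbrt(n):  # floor of the cube root of n, by binary search on integers
    lo, hi = 0, 1 << (n.bit_length() // 3 + 1)
    while lo < hi:
        mid = (lo + hi + 1) // 2
        lo, hi = (mid, hi) if mid ** 3 <= n else (lo, mid - 1)
    return lo

P = _primes(64)
K = [_icbrt(p << 96) & M32 for p in P]            # round constants: frac(cbrt(p))
IV256 = [isqrt(p << 64) & M32 for p in P[:8]]     # first 32 bits of frac(sqrt(p))
IV224 = [isqrt(p << 128) & M32 for p in P[8:16]]  # second 32 bits, primes 9..16

def _rotr(x, n):
    return ((x >> n) | (x << (32 - n))) & M32

def _compress(state, block):
    w = list(struct.unpack(">16I", block))
    for t in range(16, 64):  # message schedule expansion
        s0 = _rotr(w[t - 15], 7) ^ _rotr(w[t - 15], 18) ^ (w[t - 15] >> 3)
        s1 = _rotr(w[t - 2], 17) ^ _rotr(w[t - 2], 19) ^ (w[t - 2] >> 10)
        w.append((w[t - 16] + s0 + w[t - 7] + s1) & M32)
    a, b, c, d, e, f, g, h = state
    for t in range(64):
        ch = (e & f) ^ (~e & g)  # Ch(E, F, G) as given in the text
        maj = (a & b) ^ (a & c) ^ (b & c)
        t1 = (h + (_rotr(e, 6) ^ _rotr(e, 11) ^ _rotr(e, 25)) + ch + K[t] + w[t]) & M32
        t2 = ((_rotr(a, 2) ^ _rotr(a, 13) ^ _rotr(a, 22)) + maj) & M32
        a, b, c, d, e, f, g, h = (t1 + t2) & M32, a, b, c, (d + t1) & M32, e, f, g
    # Davies-Meyer feed-forward: add the input state to the cipher output
    return [(x + y) & M32 for x, y in zip(state, (a, b, c, d, e, f, g, h))]

def sha2_32(msg, iv, out_len):  # Merkle-Damgard iteration over 64-byte blocks
    padded = msg + b"\x80" + b"\x00" * ((55 - len(msg)) % 64) + struct.pack(">Q", 8 * len(msg))
    state = list(iv)
    for i in range(0, len(padded), 64):
        state = _compress(state, padded[i:i + 64])
    return struct.pack(">8I", *state)[:out_len]
```

`sha2_32(m, IV256, 32)` reproduces SHA-256 and `sha2_32(m, IV224, 28)` reproduces SHA-224. Truncating a SHA-256 digest to 28 bytes does not yield the SHA-224 digest, because the initial values differ.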