The SHA-1 Hashing algorithm specifies a Secure Hash Algorithm, which can be used to generate a condensed representation of a message called a message digest. The algorithm is required for use with the Digital Signature Algorithm (DSA) as specified in the Digital Signature Standard (DSS) and whenever a secure hash algorithm is required. Both the transmitter and intended receiver of a message in computing and verifying a digital signature use this method.
The four hash functions that comprise SHA-2 are SHA-224, SHA-256 (SHA 256 Algorithm), SHA-384, and SHA-512, with the numeric portion of the name indicating the number of bits in the key. SHA-2 functions are more secure than SHA-1 although not as widely used currently.
SHA-1 Algorithm
SHA-1 Hash is used for computing a condensed representation of a message or a data file. When a message of any length < 2^64 bits is input, the Hash algorithm produces a 160-bit output called a message digest. The message digest can then be input to the Digital Signature Algorithm (DSA), which generates or verifies the signature for the message. Signing the message digest rather than the message often improves the efficiency of the process because the message digest is usually much smaller in size than the message. The same hash algorithm must be used by the verifier of a digital signature as was used by the creator of the digital signature.
SHA-1 is no longer considered secure. As designed, it was thought to be computationally infeasible to find a message which corresponds to a given message digest, or to find two different messages which produce the same message digest. Any change to a message in transit would, with very high probability, result in a different message digest, and the signature would fail to verify. It has since been found to have meaningful weaknesses. SHA-1 is a technical revision of SHA (FIPS 180). A circular left shift operation has been added to the SHA (FIPS 180). SHA-1 improves the security provided by the SHA standard. The SHA-1 is based on principles similar to those used by the MD4 message digest algorithm.
Features
- The algorithm is used to compute a message digest for a message or data file that is provided as input.
- The message or data file should be considered to be a bit string.
- The length of the message is the number of bits in the message (the empty message has length 0).
- If the number of bits in a message is a multiple of 8, for compactness we can represent the message in hex.
- Message is padded to a multiple of 512.
- As a summary, a “1” followed by m “0”s followed by a 64-bit integer are appended to the end of the message to produce a padded message of length 512 * n.
- The 64-bit integer is l, the length of the original message.
- The padded message is then processed by the SHA-1 as n 512-bit blocks.
More Information
- Digital Signature Algorithm
- Reference Designs
- Communication Security Software
- Communication Security Research
