SHA-2 (Secure Hash Algorithm 2) is a set of cryptographic hash functions designed by the United States National Security Agency (NSA) and first published in 2001. They are built using the Merkle–Damgård construction, from a one-way compression function itself built using the Davies–Meyer structure from a specialized block cipher. SHA-2 includes significant changes from its predecessor, SHA-1.

Structure: Merkle–Damgård construction with Davies–Meyer compression function.

SHA-256 and SHA-512 are novel hash functions computed with eight 32-bit and 64-bit words, respectively. They use different shift amounts and additive constants, but their structures are otherwise virtually identical, differing only in the number of rounds. SHA-224 and SHA-384 are truncated versions of SHA-256 and SHA-512 respectively, computed with different initial values. SHA-512/224 and SHA-512/256 are also truncated versions of SHA-512, but the initial values are generated using the method described in Federal Information Processing Standards (FIPS) PUB 180-4.

SHA-2 was first published by the National Institute of Standards and Technology (NIST) as a U.S. The SHA-2 family of algorithms is patented in the U.S. The United States has released the patent under a royalty-free license. As of 2011, the best public attacks break preimage resistance for 52 out of 64 rounds of SHA-256 or 57 out of 80 rounds of SHA-512, and collision resistance for 46 out of 64 rounds of SHA-256.

Figure: One iteration in a SHA-2 family compression function. The blue components in the figure perform the following operations: Ch(E, F, G) = (E ∧ F) ⊕ (¬E ∧ G); the additions are modulo 2^32 for SHA-256, or 2^64 for SHA-512.

With the publication of FIPS PUB 180-2, NIST added three additional hash functions in the SHA family. The algorithms are collectively known as SHA-2, named after their digest lengths (in bits): SHA-256, SHA-384, and SHA-512. The algorithms were first published in 2001 in the draft FIPS PUB 180-2, at which time public review and comments were accepted. In August 2002, FIPS PUB 180-2 became the new Secure Hash Standard, replacing FIPS PUB 180-1, which was released in April 1995. The updated standard included the original SHA-1 algorithm, with updated technical notation consistent with that describing the inner workings of the SHA-2 family.

In February 2004, a change notice was published for FIPS PUB 180-2, specifying an additional variant, SHA-224, defined to match the key length of two-key Triple DES. In October 2008, the standard was updated in FIPS PUB 180-3, including SHA-224 from the change notice, but otherwise making no fundamental changes to the standard. The primary motivation for updating the standard was relocating security information about the hash algorithms and recommendations for their use to Special Publications 800-107 and 800-57. Detailed test data and example message digests were also removed from the standard and provided as separate documents.

In January 2011, NIST published SP800-131A, which specified a move from the then-current minimum of 80-bit security (provided by SHA-1), allowable for federal government use until the end of 2013, to 112-bit security (provided by SHA-2) being both the minimum requirement (starting in 2014) and the recommended security level (starting from the publication date in 2011).

In March 2012, the standard was updated in FIPS PUB 180-4, adding the hash functions SHA-512/224 and SHA-512/256, and describing a method for generating initial values for truncated versions of SHA-512. Additionally, a restriction on padding the input data prior to hash calculation was removed, allowing the hash to be calculated simultaneously with content generation, such as a real-time video or audio feed. Padding the final data block must still occur prior to hash output.

In July 2012, NIST revised SP800-57, which provides guidance for cryptographic key management. The publication disallowed creation of digital signatures with a hash security lower than 112 bits after 2013. The previous revision, from 2007, specified the cutoff to be the end of 2010.

SHA-256 and SHA-512 are prone to length extension attacks. By guessing the hidden part of the state, length extension attacks on SHA-224 and SHA-384 succeed with probability 2^−(256−224) = 2^−32 > 2^−224 and 2^−(512−384) = 2^−128 > 2^−384 respectively. Published results on reduced-round versions include a pseudo-collision attack against up to 46 rounds of SHA-256, and a 2011 attack that breaks preimage resistance for 57 out of 80 rounds of SHA-512 and 52 out of 64 rounds of SHA-256.