Secure Hash Algorithm | |
---|---|
Concepts | |
hash functions · SHA · DSA | |
Main standards | |
SHA-0 · SHA-1 · SHA-2 · SHA-3
|
|
General | |
---|---|
Designers | National Security Agency |
First published | 1993 (SHA-0), 1995 (SHA-1) |
Series | (SHA-0), SHA-1, SHA-2, SHA-3 |
Certification | FIPS PUB 180-4, CRYPTREC (Monitored) |
Cipher detail | |
Digest sizes | 160 bits |
Block sizes | 512 bits |
Structure | Merkle–Damgård construction |
Rounds | 80 |
Best public cryptanalysis | |
A 2011 attack by Marc Stevens can produce hash collisions with a complexity between 260.3 and 265.3 operations. As of October 2015[update], no actual collisions are publicly known. |
In cryptography, SHA-1 (Secure Hash Algorithm 1) is a cryptographic hash function designed by the United States National Security Agency and is a U.S. Federal Information Processing Standard published by the United States NIST. SHA-1 produces a 160-bit (20-byte) hash value known as a message digest. A SHA-1 hash value is typically rendered as a hexadecimal number, 40 digits long.
SHA-1 is no longer considered secure against well-funded opponents. In 2005, cryptanalysts found attacks on SHA-1 suggesting that the algorithm might not be secure enough for ongoing use, and since 2010 many organizations have recommended its replacement by SHA-2 or SHA-3.Microsoft,Google,Apple and Mozilla have all announced that their respective browsers will stop accepting SHA-1 SSL certificates by 2017.
SHA-1 produces a message digest based on principles similar to those used by Ronald L. Rivest of MIT in the design of the MD4 and MD5 message digest algorithms, but has a more conservative design.
SHA-1 was developed as part of the U.S. Government's Capstone project. The original specification of the algorithm was published in 1993 under the title Secure Hash Standard, FIPS PUB 180, by U.S. government standards agency NIST (National Institute of Standards and Technology). This version is now often named SHA-0. It was withdrawn by the NSA shortly after publication and was superseded by the revised version, published in 1995 in FIPS PUB 180-1 and commonly designated SHA-1. SHA-1 differs from SHA-0 only by a single bitwise rotation in the message schedule of its compression function. According to the NSA, this was done to correct a flaw in the original algorithm which reduced its cryptographic security, but they did not provide any further explanation. Publicly available techniques did indeed compromise SHA-0 before SHA-1.