The SHA Hashing Algorithm
4 likes1,893 views
The document discusses the importance of the SHA hashing algorithm and cryptography in protecting data integrity and privacy within data centers. It details the evolution of the SHA family, from SHA-0 to SHA-3, and provides recommendations on which algorithms to use based on data length. Additionally, it outlines the applications of SHA algorithms in ensuring message integrity across various internet protocols and for specific uses like password storage and Bitcoin transaction verification.
The SHA Hashing Algorithm
- 1. The SHA Hashing Algorithm
- 2. Data Protection in the Data Center Why are we bothering with cryptography when talking about data centers? If we believe that the data center is a treasure chest for our business’ most important assets, then we have to realize the importance and the role of cryptography for: a) Maintaining the integrity of data b) Protecting data privacy, especially with new regulatory constraints - In Motion, In Use, and At Rest
- 3. Hashing Algorithms and Cryptography Hashing algorithms (or hashing functions) are not technically encryption algorithms at all. They are though, an essential component in cryptography along with symmetric encryption and asymmetric encryption algorithms. Hashing algorithms are also known as a Message Digests.
- 4. Message Digest: Data Fingerprint Message-Digest algorithms are mathematical functions that transform a data string of arbitrary length into a new string of data of fixed length (In this case, there are options for the length of the digest, but it’s always fixed for each algorithm). The output of the algorithm can be thought of as a “fingerprint” of the input data. That is, it is a unique representation of the input data. Important Points: 1) It should be impossible to have two different versions of the input data that returns the same output data. 2) It cannot be reversed! It should be impossible to produce the input value even if you know the output value. It’s a one-way function!
- 5. The Secure Hash Algorithm (SHA) The SHA hashing algorithm is actually a family of algorithms: SHA-0, SHA-1, SHA-2, SHA-3. Created through the US Government’s “Capstone” project, driven by NIST and the NSA. SHA-0 was quickly withdrawn after release and replaced by SHA-1 SHA-1 produces a 160-bit hash value. In 2015, SHA-1 was revealed to be vulnerable to collisions at a cost of only $75-120K using EC2 nodes, putting it within reach of criminal syndicates.
- 6. SHA-2 The US Government recommends SHA-2 as a replacement for SHA-1. SHA-2 is a family of hash functions in its own way ! Message Digest lengths of 224, 256, 384, and 512 bits are available.
- 7. How does it work then? SHA works like all hashing functions work, by applying a compression function to the input data. SHA works in block mode, first separating the data into words, and then grouping the words into blocks. The words are 32-bit strings converted to hexadecimal, grouped together as 16 words to make up a 512-bit block. The message can be padded with zeros and an integer describing the original message length is appended. Once formatted for processing, the actual hash is generated. The 512-bit blocks are taken in order, processing them algorithmically through a series of buffers. After done for all blocks, the entire message is now represented by the fixed length string of the hash.
- 8. Of course- SHA-3 And if you’re wondering, of course there is also a SHA-3. NIST created a competition in 2006 to create a new hashing function standard. This was not to replace SHA-2, but as an alternative and dissimilar cryptographic hashing function. SHA-3 has been an official NIST hashing standard since 2015. A notable “dissimilarity” with SHA-3 is its use of a sponge function, which is unlike earlier SHA algorithms.
- 9. Which SHA should I use? So when do you use which SHA algorithm? Well the Federal Information Processing Standard (FIPS) recommends the following. Use SHA-1, SHA-224, and SHA-256 for messages less than 264 bits in length. SHA-384 and SHA-512 are recommended for messages less than 2128 bits in length. The value of digital fingerprints is straightforward, and there are many choices of hashing algorithms to use. When applying a hashing algorithm, one may encounter tradeoffs such as collision resistance and also processing speed.
- 10. Hashing Algorithm Speed Comparison Hashing algorithms consume data processing resources of one form or another. This chart comes from Javamex showing the differences in processing time for the various hashing algorithms.
- 11. Applications of SHA Hashing Algorithms Applications for SHA-1 and SHA-2 are many for demonstrating message integrity, including password storage, file verification, and digital signatures. They are used in common Internet applications such as TLS and SSL, PGP, SSH, S/MIME and IPsec. SHA-2 is widely used for authentication of software packages and digital media. SHA-256 and SHA-512 have been proposed for use in DNSSEC and also for Unix and Linux password hashing. SHA-256 is used for Bitcoin transaction verification.