The SDL Component Suite is an industry leading collection of components supporting scientific and engineering computing. Please visit the SDL Web site for more information....

Background Information on SHA1

The SHA (Secure Hash Algorithm) hash functions refer to five FIPS (Federal Information Processing Standards)-approved algorithms for computing a condensed digital representation (known as the hash code or message digest) that is, to a high degree of probability, unique for a given input data sequence (the message). These algorithms are called "secure" because, for a given algorithm, it is computationally infeasible
  • to find a message that corresponds to a given message digest, or
  • to find two different messages that produce the same message digest.
Any change to a message will, with a very high probability, result in a different message digest.

The five algorithms, denoted SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512, are cryptographic hash functions designed by the National Security Agency (NSA) and published by the NIST as a U. S. government standard. The latter four variants are sometimes collectively referred to as SHA-2. SHA-1 is employed in several widely used security applications and protocols, including TLS and SSL, PGP, SSH, S/MIME, and IPsec.

The original specification of the algorithm was published in 1993 as the Secure Hash Standard, FIPS PUB 180, by US government standards agency NIST (National Institute of Standards and Technology). This version is now often referred to as SHA-0. It was withdrawn by the NSA shortly after publication and was superseded by the revised version, published in 1995 in FIPS PUB 180-1 and commonly referred to as SHA-1. SHA-1 differs from SHA-0 only by a single bitwise rotation in the message schedule of its compression function; this was done, according to the NSA, to correct a flaw in the original algorithm which reduced its cryptographic security. However, the NSA did not provide any further explanation or identify what flaw was corrected. Weaknesses have subsequently been reported in both SHA-0 and SHA-1. SHA-1 appears to provide greater resistance to attacks, supporting the NSA’s assertion that the change increased the security.

SHA-1 produces a 160-bit digest from a message with a maximum length of 264 - 1 bits and is based on principles similar to those used by Ronald L. Rivest of MIT in the design of the MD4 and MD5 message digest algorithms.

The SDL Component Suite provides three different functions which apply the SHA-1 algorithm to strings, streams, and files, respectively: SHA1FromString, SHA1FromStream, and SHA1FromFile

Hint: More information on the SHA-1 algorithm and a reference implementation in C can be found in the corresponding RFC3174

Last Update: 2012-Oct-20