SHA1.docx
《SHA1.docx》由会员分享,可在线阅读,更多相关《SHA1.docx(63页珍藏版)》请在冰豆网上搜索。
SHA1
FIPSPUB180-3
FEDERALINFORMATIONPROCESSINGSTANDARDS
PUBLICATION
SecureHashStandard(SHS)
CATEGORY:
COMPUTERSECURITYSUBCATEGORY:
CRYPTOGRAPHY
InformationTechnologyLaboratory
NationalInstituteofStandardsandTechnology
Gaithersburg,MD20899-8900
October2008
U.S.DepartmentofCommerce
CarlosM.Gutierrez,Secretary
NationalInstituteofStandardsandTechnology
PatrickGallagher,ActingDirector
FOREWORD
TheFederalInformationProcessingStandardsPublicationSeriesoftheNationalInstitute
ofStandardsandTechnology(NIST)istheofficialseriesofpublicationsrelatingto
standardsandguidelinesadoptedandpromulgatedundertheprovisionsoftheFederal
InformationSecurityManagementAct(FISMA)of2002.
CommentsconcerningFIPSpublicationsarewelcomedandshouldbeaddressedtothe
Director,InformationTechnologyLaboratory,NationalInstituteofStandardsand
Technology,100BureauDrive,Stop8900,Gaithersburg,MD20899-8900.
CitaFurlani,Director
InformationTechnologyLaboratory
iiiii
Abstract
Thisstandardspecifiesfivehashalgorithmsthatcanbeusedtogeneratedigestsof
messages.Thedigestsareusedtodetectwhethermessageshavebeenchangedsincethe
digestsweregenerated.
Keywords:
computersecurity,cryptography,messagedigest,hashfunction,hash
algorithm,FederalInformationProcessingStandards,SecureHashStandard.FederalInformation
ProcessingStandardsPublication180-3
October2008
Announcingthe
SECUREHASHSTANDARD
FederalInformationProcessingStandardsPublications(FIPSPUBS)areissuedbytheNational
InstituteofStandardsandTechnology(NIST)afterapprovalbytheSecretaryofCommerce
pursuanttoSection5131oftheInformationTechnologyManagementReformActof1996
(PublicLaw104-106),andtheComputerSecurityActof1987(PublicLaw100-235).
1.NameofStandard:
SecureHashStandard(SHS)(FIPSPUB180-3).
2.CategoryofStandard:
ComputerSecurityStandard,Cryptography.
3.Explanation:
ThisStandardspecifiesfivesecurehashalgorithms-SHA-1,SHA-224,SHA-
256,SHA-384,andSHA-512-forcomputingacondensedrepresentationofelectronicdata
(message).Whenamessageofanylengthlessthan2
64
bits(forSHA-1,SHA-224andSHA-256)
orlessthan2
128
bits(forSHA-384andSHA-512)isinputtoahashalgorithm,theresultisan
outputcalledamessagedigest.Themessagedigestsrangeinlengthfrom160to512bits,
dependingonthealgorithm.Securehashalgorithmsaretypicallyusedwithothercryptographic
algorithms,suchasdigitalsignaturealgorithmsandkeyed-hashmessageauthenticationcodes,or
inthegenerationofrandomnumbers(bits).
ThefivehashalgorithmsspecifiedinthisStandardarecalledsecurebecause,foragiven
algorithm,itiscomputationallyinfeasible1)tofindamessagethatcorrespondstoagiven
messagedigest,or2)tofindtwodifferentmessagesthatproducethesamemessagedigest.Any
changetoamessagewill,withaveryhighprobability,resultinadifferentmessagedigest.This
willresultinaverificationfailurewhenthesecurehashalgorithmisusedwithadigitalsignature
algorithmorakeyed-hashmessageauthenticationalgorithm.
ThisStandardsupersedesFIPS180-2[FIPS180-2].
4.ApprovingAuthority:
SecretaryofCommerce.
5.MaintenanceAgency:
U.S.DepartmentofCommerce,NationalInstituteofStandardsand
Technology(NIST),InformationTechnologyLaboratory(ITL).
6.Applicability:
ThisStandardisapplicabletoallFederaldepartmentsandagenciesforthe
protectionofsensitiveunclassifiedinformationthatisnotsubjecttoTitle10UnitedStatesCode
ivv
Section2315(10USC2315)andthatisnotwithinanationalsecuritysystemasdefinedinTitle
44UnitedStatesCodeSection3502
(2)(44USC3502
(2)).Thisstandardshallbeimplemented
wheneverasecurehashalgorithmisrequiredforFederalapplications,includingusebyother
cryptographicalgorithmsandprotocols.TheadoptionanduseofthisStandardisavailableto
privateandcommercialorganizations.
7.Specifications:
FederalInformationProcessingStandard(FIPS)180-3,SecureHashStandard
(SHS)(affixed).
8.Implementations:
Thesecurehashalgorithmsspecifiedhereinmaybeimplementedin
software,firmware,hardwareoranycombinationthereof.Onlyalgorithmimplementationsthat
arevalidatedbyNISTwillbeconsideredascomplyingwiththisstandard.Informationaboutthe
validationprogramcanbeobtainedathttp:
//csrc.nist.gov/groups/STM/index.html.
9.ImplementationSchedule:
GuidanceregardingthetestingandvalidationtoFIPS180-3
anditsrelationshiptoFIPS140-2canbefoundinIG1.10oftheImplementationGuidancefor
FIPSPUB140-2andtheCryptographicModuleValidationProgramat
http:
//csrc.nist.gov/groups/STM/cmvp/index.html.
10.Patents:
Implementationsofthesecurehashalgorithmsinthisstandardmaybecoveredby
U.S.orforeignpatents.
11.ExportControl:
Certaincryptographicdevicesandtechnicaldataregardingthemare
subjecttoFederalexportcontrols.Exportsofcryptographicmodulesimplementingthisstandard
andtechnicaldataregardingthemmustcomplywiththeseFederalregulationsandbelicensedby
theBureauofExportAdministrationoftheU.S.DepartmentofCommerce.Informationabout
exportregulationsisavailableat:
http:
//www.bis.doc.gov/index.htm.
12.Qualifications:
WhileitistheintentofthisStandardtospecifygeneralsecurity
requirementsforgeneratingamessagedigest,conformancetothisStandarddoesnotassurethat
aparticularimplementationissecure.Theresponsibleauthorityineachagencyordepartment
shallassurethatanoverallimplementationprovidesanacceptablelevelofsecurity.This
Standardwillbereviewedeveryfiveyearsinordertoassessitsadequacy.
13.WaiverProcedure:
TheFederalInformationSecurityManagementAct(FISMA)doesnot
allowforwaiverstoFederalInformationProcessingStandards(FIPS)thataremademandatory
bytheSecretaryofCommerce.
14.WheretoObtainCopiesoftheStandard:
Thispublicationisavailableelectronicallyby
accessinghttp:
//csrc.nist.gov/publications/.Othercomputersecuritypublicationsareavailableat
thesamewebsite.FederalInformation
ProcessingStandardsPublication180-3
Specificationsforthe
SECUREHASHSTANDARD
TableofContents
1.INTRODUCTION.....................................................................................................................................3
2.DEFINITIONS...........................................................................................................................................4
2.1GLOSSARYOFTERMSANDACRONYMS.............................................................................................4
2.2ALGORITHMPARAMETERS,SYMBOLS,ANDTERMS...........................................................................4
2.2.1Parameters...........................................................................................................................4
2.2.2SymbolsandOperations.......................................................................................................5
3.NOTATIONANDCONVENTIONS.......................................................................................................7
3.1BITSTRINGSANDINTEGERS..............................................................................................................7
3.2OPERATIONSONWORDS....................................................................................................................8
4.FUNCTIONSANDCONSTANTS.........................................................................................................10
4.1FUNCTIONS......................................................................................................................................10
4.1.1SHA-1Functions................................................................................................................10
4.1.2SHA-224andSHA-256Functions......................................................................................10
4.1.3SHA-384andSHA-512Functions......................................................................................10
4.2CONSTANTS.....................................................................................................................................11
4.2.1SHA-1Constants................................................................................................................11
4.2.2SHA-224andSHA-256Constants......................................................................................11
4.2.3SHA-384andSHA-512Constants......................................................................................11
5.PREPROCESSING.................................................................................................................................13
5.1PADDINGTHEMESSAGE..................................................................................................................13
5.1.1SHA-1,SHA-224andSHA-256..........................................................................................13
5.1.2SHA-384andSHA-512.......................................................................................................13
5.2PARSINGTHEPADDEDMESSAGE.....................................................................................................14
5.2.1SHA-1,SHA-224andSHA-256..........................................................................................14
5.2.2SHA-384andSHA-512.......................................................................................................1
升级会员 