SHA1.docx

1、SHA1FIPS PUB 180-3 FEDERAL INFORMATION PROCESSING STANDARDS PUBLICATION Secure Hash Standard (SHS) CATEGORY: COMPUTER SECURITY SUBCATEGORY: CRYPTOGRAPHY Information Technology Laboratory National Institute of Standards and Technology Gaithersburg, MD 20899-8900October 2008 U.S. Department of Commerc

2、e Carlos M. Gutierrez, Secretary National Institute of Standards and Technology Patrick Gallagher, Acting Director FOREWORD The Federal Information Processing Standards Publication Series of the National Institute of Standards and Technology (NIST) is the official series of publications relating to

3、standards and guidelines adopted and promulgated under the provisions of the Federal Information Security Management Act (FISMA) of 2002. Comments concerning FIPS publications are welcomed and should be addressed to the Director, Information Technology Laboratory, National Institute of Standards and

4、 Technology, 100 Bureau Drive, Stop 8900, Gaithersburg, MD 20899-8900. Cita Furlani, Director Information Technology Laboratory iiiiiAbstract This standard specifies five hash algorithms that can be used to generate digests of messages. The digests are used to detect whether messages have been chang

5、ed since the digests were generated. Key words: computer security, cryptography, message digest, hash function, hash algorithm, Federal Information Processing Standards, Secure Hash Standard. Federal Information Processing Standards Publication 180-3 October 2008 Announcing the SECURE HASH STANDARDF

6、ederal Information Processing Standards Publications (FIPS PUBS) are issued by the National Institute of Standards and Technology (NIST) after approval by the Secretary of Commerce pursuant to Section 5131 of the Information Technology Management Reform Act of 1996 (Public Law 104-106), and the Comp

7、uter Security Act of 1987 (Public Law 100-235). 1. Name of Standard: Secure Hash Standard (SHS) (FIPS PUB 180-3). 2. Category of Standard: Computer Security Standard, Cryptography. 3. Explanation: This Standard specifies five secure hash algorithms - SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512 - f

8、or computing a condensed representation of electronic data (message). When a message of any length less than 264 bits (for SHA-1, SHA-224 and SHA-256) or less than 2128 bits (for SHA-384 and SHA-512) is input to a hash algorithm, the result is an output called a message digest. The message digests r

9、ange in length from 160 to 512 bits, depending on the algorithm. Secure hash algorithms are typically used with other cryptographic algorithms, such as digital signature algorithms and keyed-hash message authentication codes, or in the generation of random numbers (bits). The five hash algorithms sp

10、ecified in this Standard are called secure because, for a given algorithm, it is computationally infeasible 1) to find a message that corresponds to a given message digest, or 2) to find two different messages that produce the same message digest. Any change to a message will, with a very high proba

11、bility, result in a different message digest. This will result in a verification failure when the secure hash algorithm is used with a digital signature algorithm or a keyed-hash message authentication algorithm. This Standard supersedes FIPS 180-2 FIPS 180-2. 4. Approving Authority: Secretary of Co

12、mmerce. 5. Maintenance Agency: U.S. Department of Commerce, National Institute of Standards and Technology (NIST), Information Technology Laboratory (ITL). 6. Applicability: This Standard is applicable to all Federal departments and agencies for the protection of sensitive unclassified information t

13、hat is not subject to Title 10 United States Code ivvSection 2315 (10 USC 2315) and that is not within a national security system as defined in Title 44 United States Code Section 3502(2) (44 USC 3502(2). This standard shall be implemented whenever a secure hash algorithm is required for Federal app

14、lications, including use by other cryptographic algorithms and protocols. The adoption and use of this Standard is available to private and commercial organizations. 7. Specifications: Federal Information Processing Standard (FIPS) 180-3, Secure Hash Standard (SHS) (affixed). 8. Implementations: The

15、 secure hash algorithms specified herein may be implemented in software, firmware, hardware or any combination thereof. Only algorithm implementations that are validated by NIST will be considered as complying with this standard. Information about the validation program can be obtained at http:/csrc

16、.nist.gov/groups/STM/index.html. 9. Implementation Schedule: Guidance regarding the testing and validation to FIPS 180-3 and its relationship to FIPS 140-2 can be found in IG 1.10 of the Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program at http:/csrc.nist.gov

17、/groups/STM/cmvp/index.html. 10. Patents: Implementations of the secure hash algorithms in this standard may be covered by U.S. or foreign patents. 11. Export Control: Certain cryptographic devices and technical data regarding them are subject to Federal export controls. Exports of cryptographic mod

18、ules implementing this standard and technical data regarding them must comply with these Federal regulations and be licensed by the Bureau of Export Administration of the U.S. Department of Commerce. Information about export regulations is available at: http:/www.bis.doc.gov/index.htm.12. Qualificat

19、ions: While it is the intent of this Standard to specify general security requirements for generating a message digest, conformance to this Standard does not assure that a particular implementation is secure. The responsible authority in each agency or department shall assure that an overall impleme

20、ntation provides an acceptable level of security. This Standard will be reviewed every five years in order to assess its adequacy. 13. Waiver Procedure: The Federal Information Security Management Act (FISMA) does not allow for waivers to Federal Information Processing Standards (FIPS) that are made

21、 mandatory by the Secretary of Commerce. 14. Where to Obtain Copies of the Standard: This publication is available electronically by accessing http:/csrc.nist.gov/publications/. Other computer security publications are available at the same web site. Federal Information Processing Standards Publicat

22、ion 180-3 Specifications for the SECURE HASH STANDARDTable of Contents1. INTRODUCTION .32. DEFINITIONS.42.1 GLOSSARY OF TERMS AND ACRONYMS .42.2 ALGORITHM PARAMETERS, SYMBOLS, AND TERMS.42.2.1 Parameters .42.2.2 Symbols and Operations.53. NOTATION AND CONVENTIONS .73.1 BIT STRINGS AND INTEGERS .73.2

23、 OPERATIONS ON WORDS.84. FUNCTIONS AND CONSTANTS.104.1 FUNCTIONS .104.1.1 SHA-1 Functions .104.1.2 SHA-224 and SHA-256 Functions.104.1.3 SHA-384 and SHA-512 Functions.104.2 CONSTANTS .114.2.1 SHA-1 Constants .114.2.2 SHA-224 and SHA-256 Constants.114.2.3 SHA-384 and SHA-512 Constants.115. PREPROCESSING .135.1 PADDING THE MESSAGE .135.1.1 SHA-1, SHA-224 and SHA-256 .135.1.2 SHA-384 and SHA-512.135.2 PARSING THE PADDED MESSAGE .145.2.1 SHA-1, SHA-224 and SHA-256 .145.2.2 SHA-384 and SHA-512.1