Difference between revisions of "SHA-1"
From The ECRYPT Hash Function Website
(→General) |
|||
Line 1: | Line 1: | ||
== General == | == General == | ||
+ | * max. message length: < 2<sup>64</sup> bits | ||
+ | * digest size: 160 bits | ||
* type: iterative hash function | * type: iterative hash function | ||
* compression function: 512-bit message block, 160-bit chaining variable | * compression function: 512-bit message block, 160-bit chaining variable | ||
− | |||
* [http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf Specification: FIPS 180-2 Secure Hash Standard] | * [http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf Specification: FIPS 180-2 Secure Hash Standard] | ||
Revision as of 15:42, 16 October 2006
Contents
1 General
- max. message length: < 264 bits
- digest size: 160 bits
- type: iterative hash function
- compression function: 512-bit message block, 160-bit chaining variable
- Specification: FIPS 180-2 Secure Hash Standard
2 Cryptanalysis
2.1 Collision Attacks
Here I would list all papers that deal with SHA-1. We should also give the abstract and the bibtex entry for the corresponding paper. Additionall we should give our opinion about the attack described in the paper.
2.2 Second Preimage Attacks
There exists a generic attack (works for all iterated hash functions). See ....
2.3 Preimage Attacks
We are not aware of any article describing preimage attacks on SHA-1.
3 eHash Recommendation
Something like: SHA-1 is considered to be broken. Please do not incorporate SHA-1 in new application any longer. Try to migrate to another hash function.