**The Secure Hash Algorithm exists in various versions and provides hash functions for determining unmistakable check values of digital data. A check value can be used to ensure the integrity of the data. SHA is used for signature procedures, for example. An important property of a hash procedure is collision resistance.**

Contents

## What is SHA (Secure Hash Algorithm)?

The abbreviation SHA stands for Secure Hash Algorithm. These are cryptographic hash functions that can be used to ensure the integrity of digital data. The Secure Hash Algorithm is often also referred to as a fingerprint for digital data. The hash function can be used to calculate a verification value of any digital data.

Comparing the verification values of generated and received messages makes it possible to detect changes or manipulations. The Secure Hash Algorithm provides important basic functions for creating digital signatures and digital certificates.

In addition, the algorithm is used in numerous protocols and applications such as SSL (Secure Sockets Layer), IPSec (Internet Protocol Security), PGP (Pretty Good Privacy), or S/MIME (Secure / Multipurpose Internet Mail Extensions). An important property of the Secure Hash Algorithm is collision resistance. Different digital data or messages should never generate the same verification value. The procedure was developed by the National Security Agency (NSA) of the USA on behalf of the standardization authority NIST (National Institute of Standards and Technology). The original version SHA-0 had serious weaknesses and was replaced by a corrected successor version SHA-1 in 1995. Further improved versions SHA-2 and SHA-3 followed. Due to recognized weaknesses in version 1, it is now recommended that versions 2 or 3 be used to form check values.

## Basic information about the hash function

Hash functions form a kind of digital fingerprint for electronic documents. They create a unique check value of fixed length from messages of any length. The hash function should not be reversible under any circumstances and should never provide the same check values for different messages (collision resistance).

Other important requirements for hash functions are efficient computability and the shortest possible check values. Various mathematical and cryptographic methods are used to calculate the check value. First, the message is split according to a specific method. This is followed by the formation of the hash value.

A very well-known cryptographic hash function is the Message Digest Algorithm 5 (MD5). MD5 generates a 128-bit hash value from any message. Today, however, MD5 is no longer considered secure, since it is possible with a reasonable computational effort to generate identical hash values from different data. For this reason, the newer versions of the Secure Hash Algorithm are generally used.

Briefly summarized, the most important properties of the hash functions are as follows:

- Generation of a check value from messages of arbitrary length
- Efficient calculation
- Not reversible
- No identical hash values for different source data (collision safety)
- Shortest possible hash values
- The different SHA versions
- The Secure Hash Algorithm Version 0 (SHA-0)

The first version of the Secure Hash Algorithm is also known as SHA-0. It forms hash values with a length of 160 bits from data with a maximum length of approximately two exbibytes. Compared to MD5 with a hash length of 128 bits, the 160-bit hash value is longer and less susceptible to brute force methods for generating collisions.

The initial version of the Secure Hash Algorithm SHA-0 quickly became obsolete due to a methodological error and the resulting security deficiencies and hardly gained any practical significance. A corrected successor version followed as early as 1995 with SHA-1, which remedied the security problems. In the meantime, SHA-1 is no longer considered sufficiently secure. Therefore the versions SHA-2 and SHA-3 appeared. The following is a short overview of the different Secure Hash Algorithm versions SHA-1, SHA-2, and SHA-3.

## The Secure Hash Algorithm Version 1 (SHA-1)

SHA-1 is the corrected version of SHA-0. Only a relatively small detail of the algorithm was corrected. The basic procedure and the number of rounds to be run to form the check value have not changed. The generation of collisions is associated with considerably more effort in SHA-1 compared to SHA-0. Since around 2004, SHA-1 has also been regarded as no longer sufficiently secure.

This version is also vulnerable to collision attacks, even though the considerable computational effort is required. Despite the recognized weaknesses, SHA-1 is still used in numerous procedures and protocols. Security experts strongly recommend the use of the SHA-2 or SHA-3 hash algorithms.

## The Secure Hash Algorithm Version 2 (SHA-2)

The Secure Hash Algorithm Version 2 (SHA-2) differs from SHA-1 in several features and functions. For example, the hash values are no longer 160 bits long, but 224, 256, 384, or 512 bits long. Analogous to SHA-2, designations such as SHA-224, SHA-256, SHA-384, or SHA-512 are used to designate the lengths of the hash values.

Like the previous version, SHA-2 uses a Merkle-Damgård construction with Davies-Meyer compression function. The keys and data words are 32 or 64 bits long, the message blocks 512 or 1024 bits. To generate the hash value, 64 or 80 rounds of several different logical functions are run. Nowadays, almost all common operating systems support the Secure Hash Algorithm version 2 (SHA-2).

## The Secure Hash Algorithm Version 3 (SHA-3)

The Merkle-Damgård construction used for SHA-1 and SHA-2 has some weaknesses that were already recognized in 2004. To eliminate these weaknesses and implement a secure SHA hash function, the National Institute of Standards and Technology (NIST) sought an alternative through a competition. In 2012, they chose Keccak, developed by Guido Bertoni, Joan Daemen, Michaël Peeters, and Gilles Van Assche.

The standardization of SHA-3 using Keccak finally took place in 2015. Basically, SHA-3 is structured differently than SHA-2 and SHA-1, and several variants have been standardized. These variants are SHA-3-224, SHA-3-256, SHA-3-384, and SHA-3-512, with the last number denoting the length of the hash value. In addition, the variants SHAKE128 and SHAKE256 exist. With SHAKE128 and SHAKE256, the length of the hash values is not fixed. The hash values can be generated in different lengths.