Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                

SHA-1 (Secure Hash Algorithm 1)



SHA-1 is a cryptographic hash function that generates a 160-bit hash value (also known as a message digest) from any input message up to 264 - 1 bits.

The National Security Agency (NSA) devised SHA-1, which was published by the National Institute of Standards and Technology (NIST) in 1995 as part of the Secure Hash Standard (SHS).

SHA-1 is a one-way function, which means it is impossible to compute to figure out the original message from its hash value.

SHA-1 Algorithm

In the above image, in one cycle of the SHA-1 compression function, A, B, C, D, and E represent 32-bit state words.

  • F = nonlinear function that varies.
  • ⋘n = left-bit rotation by n places.
  • n = varies for each operation.
  • Wt = expanded message word of round t;
  • Kt = round constant of round t; and
  • ⊞ = addition modulo 232.

Algorithm

Here are the steps we need to follow in SHA-1 −

  • Initialization
    • Let's start with some initial values.
    • Set all five variables (h0 to h4) with the correct values.
  • Pre-processing
    • Prepare the message ready for hashing.
    • A '1' bit should be added to the message's end.
    • To set a maximum length for the message, append a few '0' bits.
    • At the end of the message, include the message's original length (in bits).
  • Processing
    • Divide the message into manageable parts and deal with each one separately.
    • There should be 512 bits in each section.
    • Divide the pieces into sixteen 32-bit words each.
    • Use a formula to extend these words into eighty 32-bit words.
  • Main loop
    • Go through every word and do some calculations.
    • Based on the position and values of the word, update the temporary variables.
    • As per these calculations, update the hash values.
  • Finalization
    • To get the final hash, combine the hash values.
    • Using a predetermined order, arrange the hash values to generate a 160-bit integer.

Implementation of SHA-1

Here are Python and Java implementations of the SHA-1 algorithm, along with the results −

Using Python

The SHA-1 algorithm is implemented in this Python by using the hashlib package. It defines the function sha1, which accepts a message as input and outputs the hash generated using SHA-1. Within the function, a SHA-1 hash object is generated and updated with the input message, and the hash's hexadecimal digest is returned.

import hashlib

def sha1(message):
   # generate a SHA-1 hash object
   sha1_hash = hashlib.sha1()

   # update the hash object 
   sha1_hash.update(message.encode('utf-8'))

   # hexadecimal digest of the hash
   return sha1_hash.hexdigest()

# execute the function
message = "Hello, everyone!"
sha1_hash = sha1(message)
print("SHA-1 hash:", sha1_hash)

Output

SHA-1 hash: 9a8bfaaace7b9e422f79ef862956e3512aa9d8ea

Using Java

In this Java code, we will use the java.security.MessageDigest class. The class implements the SHA-1 algorithm. It defines a method called sha1 that takes a message as input and returns its SHA-1 hash. The function creates a MessageDigest object for SHA-1, updates it with message bytes, gets digest bytes. So refer the below code in Java for SHA-1 −

import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class SHA1 {
   public static String sha1(String message) {
      try {
         // generate a MessageDigest object here
         MessageDigest md = MessageDigest.getInstance("SHA-1");

         // then update the digest
         md.update(message.getBytes());

         // the digest bytes
         byte[] digestBytes = md.digest();

         // change the bytes to hexadecimal
         StringBuilder sb = new StringBuilder();
         for (byte b : digestBytes) {
            sb.append(String.format("%02x", b));
         }

         return sb.toString();
      } catch (NoSuchAlgorithmException e) {
         e.printStackTrace();
         return null;
      }
   }

   public static void main(String[] args) {
      // execute the function
      String message = "Hello, tutorialspoint!";
      String sha1Hash = sha1(message);
      System.out.println("SHA-1 hash: " + sha1Hash);
   }
}

Output

SHA-1 hash: 92c2164b880f6a60355a0764dd59ae828b53d6f3

Properties of SHA-1

SHA-1 has several features that make it appropriate for various applications −

  • The fundamental purpose of a hash function is to generate a different hash value for each input message. SHA-1 ensures that two different messages are unlikely to generate the same hash result, making it resistant to collision attacks.
  • SHA-1 is a one-way function, which means that the original message cannot be retrieved from its hash value. This attribute is critical for digital signatures, password storage, and other security-related applications.
  • SHA-1 has a set output length of 160 bits, no matter the size of the input message. This allows you to easily compare hash values and save them in databases.

Applications of SHA-1

SHA-1 is used in a variety of applications, like −

  • Digital Signatures − To ensure data integrity and non-repudiation, digital signature algorithms like the Digital Signature Standard (DSS) use SHA-1.
  • Password Storage − Passwords are stored in databases using SHA-1. Instead of saving the actual password, the system stores the password's hash value, making it difficult for attackers to steal it.
  • Secure Communications − SHA-1 protects data integrity and secrecy in secure communication protocols like Transport Layer Security (TLS) and Secure Sockets Layer (SSL).

Vulnerabilities of SHA-1

While SHA-1 was previously considered as a secure hash algorithm, it is currently vulnerable to various types of attacks.

The fundamental risk of SHA-1 is collision resistance, which means two different messages can generate the same hash value. This can be used in several ways, like −

  • Birthday Attack − The birthday attack is a form of collision attack in which an attacker attempts to find two separate messages with the same hash value. A birthday attack using SHA-1 needs only 280 computations, making it possible for modern computing power.
  • Man-in-the-Middle Attack − A man-in-the-middle attack occurs when an attacker intercepts and modifies data sent between two parties. SHA-1 allows an attacker to generate an altered message with the same hash value as the original message which makes it difficult to detect the change.
  • Certificate Forgery − Digital certificates use SHA-1 to authenticate the authenticity of a website or service. However, due to the vulnerability to collision attacks, an attacker can generate a fake certificate with the same hash value as the authentic certificate.

Alternatives of SHA-1

  • Due to SHA-1's weaknesses it is recommended to adopt stronger hash algorithms such as SHA-2 and SHA-3.
  • SHA-2 is a set of hash algorithms that contains SHA-256, SHA-384, and SHA-512, which generate hash values of 256, 384, and 512 bits, respectively.
  • SHA-2, which was created to replace SHA-1, is believed to be as far more secure. SHA-3 is a newer hash function developed by NIST in 2012 that creates hash values differently than SHA-2 does.

Best Practices

Since SHA-1 is vulnerable to attacks, some older programs and systems still use it. To minimise the risk of attacks in such situations, it is important that one sticks to best practices −

  • Avoid applying SHA-1 for new applications and platforms − Go for stronger hash algorithms like SHA-2 and SHA-3.
  • Upgrade legacy systems − If you continue to use SHA-1 in older systems, it is suggested that you switch to better hash algorithms as soon as possible.
  • Use salted hashes − To improve password storage security, salted hashes add a random text (salt) to the password after hashing. This makes it considerably more challenging for attackers to break passwords using precomputed hash tables.
Advertisements