- Cryptography - Home
- Cryptography - Origin
- Cryptography - History
- Cryptography - Principles
- Cryptography - Applications
- Cryptography - Benefits & Drawbacks
- Cryptography - Modern Age
- Cryptography - Traditional Ciphers
- Cryptography - Need for Encryption
- Cryptography - Double Strength Encryption
- Cryptosystems
- Cryptosystems
- Cryptosystems - Components
- Attacks On Cryptosystem
- Cryptosystems - Rainbow table attack
- Cryptosystems - Dictionary attack
- Cryptosystems - Brute force attack
- Cryptosystems - Cryptanalysis Techniques
- Types of Cryptography
- Cryptosystems - Types
- Public Key Encryption
- Modern Symmetric Key Encryption
- Cryptography Hash functions
- Key Management
- Cryptosystems - Key Generation
- Cryptosystems - Key Storage
- Cryptosystems - Key Distribution
- Cryptosystems - Key Revocation
- Block Ciphers
- Cryptosystems - Stream Cipher
- Cryptography - Block Cipher
- Cryptography - Feistel Block Cipher
- Block Cipher Modes of Operation
- Block Cipher Modes of Operation
- Electronic Code Book (ECB) Mode
- Cipher Block Chaining (CBC) Mode
- Cipher Feedback (CFB) Mode
- Output Feedback (OFB) Mode
- Counter (CTR) Mode
- Classic Ciphers
- Cryptography - Reverse Cipher
- Cryptography - Caesar Cipher
- Cryptography - ROT13 Algorithm
- Cryptography - Transposition Cipher
- Cryptography - Encryption Transposition Cipher
- Cryptography - Decryption Transposition Cipher
- Cryptography - Multiplicative Cipher
- Cryptography - Affine Ciphers
- Cryptography - Simple Substitution Cipher
- Cryptography - Encryption of Simple Substitution Cipher
- Cryptography - Decryption of Simple Substitution Cipher
- Cryptography - Vigenere Cipher
- Cryptography - Implementing Vigenere Cipher
- Modern Ciphers
- Base64 Encoding & Decoding
- Cryptography - XOR Encryption
- Substitution techniques
- Cryptography - MonoAlphabetic Cipher
- Cryptography - Hacking Monoalphabetic Cipher
- Cryptography - Polyalphabetic Cipher
- Cryptography - Playfair Cipher
- Cryptography - Hill Cipher
- Polyalphabetic Ciphers
- Cryptography - One-Time Pad Cipher
- Implementation of One Time Pad Cipher
- Cryptography - Transposition Techniques
- Cryptography - Rail Fence Cipher
- Cryptography - Columnar Transposition
- Cryptography - Steganography
- Symmetric Algorithms
- Cryptography - Data Encryption
- Cryptography - Encryption Algorithms
- Cryptography - Data Encryption Standard
- Cryptography - Triple DES
- Cryptography - Double DES
- Advanced Encryption Standard
- Cryptography - AES Structure
- Cryptography - AES Transformation Function
- Cryptography - Substitute Bytes Transformation
- Cryptography - ShiftRows Transformation
- Cryptography - MixColumns Transformation
- Cryptography - AddRoundKey Transformation
- Cryptography - AES Key Expansion Algorithm
- Cryptography - Blowfish Algorithm
- Cryptography - SHA Algorithm
- Cryptography - RC4 Algorithm
- Cryptography - Camellia Encryption Algorithm
- Cryptography - ChaCha20 Encryption Algorithm
- Cryptography - CAST5 Encryption Algorithm
- Cryptography - SEED Encryption Algorithm
- Cryptography - SM4 Encryption Algorithm
- IDEA - International Data Encryption Algorithm
- Public Key (Asymmetric) Cryptography Algorithms
- Cryptography - RSA Algorithm
- Cryptography - RSA Encryption
- Cryptography - RSA Decryption
- Cryptography - Creating RSA Keys
- Cryptography - Hacking RSA Cipher
- Cryptography - ECDSA Algorithm
- Cryptography - DSA Algorithm
- Cryptography - Diffie-Hellman Algorithm
- Data Integrity in Cryptography
- Data Integrity in Cryptography
- Message Authentication
- Cryptography Digital signatures
- Public Key Infrastructure
- Hashing
- MD5 (Message Digest Algorithm 5)
- SHA-1 (Secure Hash Algorithm 1)
- SHA-256 (Secure Hash Algorithm 256-bit)
- SHA-512 (Secure Hash Algorithm 512-bit)
- SHA-3 (Secure Hash Algorithm 3)
- Hashing Passwords
- Bcrypt Hashing Module
- Modern Cryptography
- Quantum Cryptography
- Post-Quantum Cryptography
- Cryptographic Protocols
- Cryptography - SSL/TLS Protocol
- Cryptography - SSH Protocol
- Cryptography - IPsec Protocol
- Cryptography - PGP Protocol
- Image & File Cryptography
- Cryptography - Image
- Cryptography - File
- Steganography - Image
- File Encryption and Decryption
- Cryptography - Encryption of files
- Cryptography - Decryption of files
- Cryptography in IoT
- IoT security challenges, Threats and Attacks
- Cryptographic Techniques for IoT Security
- Communication Protocols for IoT Devices
- Commonly Used Cryptography Techniques
- Custom Building Cryptography Algorithms (Hybrid Cryptography)
- Cloud Cryptography
- Quantum Cryptography
- Image Steganography in Cryptography
- DNA Cryptography
- One Time Password (OTP) algorithm in Cryptography
- Difference Between
- Cryptography - MD5 vs SHA1
- Cryptography - RSA vs DSA
- Cryptography - RSA vs Diffie-Hellman
- Cryptography vs Cryptology
- Cryptography - Cryptology vs Cryptanalysis
- Cryptography - Classical vs Quantum
- Cryptography vs Steganography
- Cryptography vs Encryption
- Cryptography vs Cyber Security
- Cryptography - Stream Cipher vs Block Cipher
- Cryptography - AES vs DES ciphers
- Cryptography - Symmetric vs Asymmetric
SHA-1 (Secure Hash Algorithm 1)
SHA-1 is a cryptographic hash function that generates a 160-bit hash value (also known as a message digest) from any input message up to 264 - 1 bits.
The National Security Agency (NSA) devised SHA-1, which was published by the National Institute of Standards and Technology (NIST) in 1995 as part of the Secure Hash Standard (SHS).
SHA-1 is a one-way function, which means it is impossible to compute to figure out the original message from its hash value.
In the above image, in one cycle of the SHA-1 compression function, A, B, C, D, and E represent 32-bit state words.
- F = nonlinear function that varies.
- ⋘n = left-bit rotation by n places.
- n = varies for each operation.
- Wt = expanded message word of round t;
- Kt = round constant of round t; and
- ⊞ = addition modulo 232.
Algorithm
Here are the steps we need to follow in SHA-1 −
-
Initialization
- Let's start with some initial values.
- Set all five variables (h0 to h4) with the correct values.
-
Pre-processing
- Prepare the message ready for hashing.
- A '1' bit should be added to the message's end.
- To set a maximum length for the message, append a few '0' bits.
- At the end of the message, include the message's original length (in bits).
-
Processing
- Divide the message into manageable parts and deal with each one separately.
- There should be 512 bits in each section.
- Divide the pieces into sixteen 32-bit words each.
- Use a formula to extend these words into eighty 32-bit words.
-
Main loop
- Go through every word and do some calculations.
- Based on the position and values of the word, update the temporary variables.
- As per these calculations, update the hash values.
-
Finalization
- To get the final hash, combine the hash values.
- Using a predetermined order, arrange the hash values to generate a 160-bit integer.
Implementation of SHA-1
Here are Python and Java implementations of the SHA-1 algorithm, along with the results −
Using Python
The SHA-1 algorithm is implemented in this Python by using the hashlib package. It defines the function sha1, which accepts a message as input and outputs the hash generated using SHA-1. Within the function, a SHA-1 hash object is generated and updated with the input message, and the hash's hexadecimal digest is returned.
import hashlib
def sha1(message):
# generate a SHA-1 hash object
sha1_hash = hashlib.sha1()
# update the hash object
sha1_hash.update(message.encode('utf-8'))
# hexadecimal digest of the hash
return sha1_hash.hexdigest()
# execute the function
message = "Hello, everyone!"
sha1_hash = sha1(message)
print("SHA-1 hash:", sha1_hash)
Output
SHA-1 hash: 9a8bfaaace7b9e422f79ef862956e3512aa9d8ea
Using Java
In this Java code, we will use the java.security.MessageDigest class. The class implements the SHA-1 algorithm. It defines a method called sha1 that takes a message as input and returns its SHA-1 hash. The function creates a MessageDigest object for SHA-1, updates it with message bytes, gets digest bytes. So refer the below code in Java for SHA-1 −
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
public class SHA1 {
public static String sha1(String message) {
try {
// generate a MessageDigest object here
MessageDigest md = MessageDigest.getInstance("SHA-1");
// then update the digest
md.update(message.getBytes());
// the digest bytes
byte[] digestBytes = md.digest();
// change the bytes to hexadecimal
StringBuilder sb = new StringBuilder();
for (byte b : digestBytes) {
sb.append(String.format("%02x", b));
}
return sb.toString();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
return null;
}
}
public static void main(String[] args) {
// execute the function
String message = "Hello, tutorialspoint!";
String sha1Hash = sha1(message);
System.out.println("SHA-1 hash: " + sha1Hash);
}
}
Output
SHA-1 hash: 92c2164b880f6a60355a0764dd59ae828b53d6f3
Properties of SHA-1
SHA-1 has several features that make it appropriate for various applications −
- The fundamental purpose of a hash function is to generate a different hash value for each input message. SHA-1 ensures that two different messages are unlikely to generate the same hash result, making it resistant to collision attacks.
- SHA-1 is a one-way function, which means that the original message cannot be retrieved from its hash value. This attribute is critical for digital signatures, password storage, and other security-related applications.
- SHA-1 has a set output length of 160 bits, no matter the size of the input message. This allows you to easily compare hash values and save them in databases.
Applications of SHA-1
SHA-1 is used in a variety of applications, like −
- Digital Signatures − To ensure data integrity and non-repudiation, digital signature algorithms like the Digital Signature Standard (DSS) use SHA-1.
- Password Storage − Passwords are stored in databases using SHA-1. Instead of saving the actual password, the system stores the password's hash value, making it difficult for attackers to steal it.
- Secure Communications − SHA-1 protects data integrity and secrecy in secure communication protocols like Transport Layer Security (TLS) and Secure Sockets Layer (SSL).
Vulnerabilities of SHA-1
While SHA-1 was previously considered as a secure hash algorithm, it is currently vulnerable to various types of attacks.
The fundamental risk of SHA-1 is collision resistance, which means two different messages can generate the same hash value. This can be used in several ways, like −
- Birthday Attack − The birthday attack is a form of collision attack in which an attacker attempts to find two separate messages with the same hash value. A birthday attack using SHA-1 needs only 280 computations, making it possible for modern computing power.
- Man-in-the-Middle Attack − A man-in-the-middle attack occurs when an attacker intercepts and modifies data sent between two parties. SHA-1 allows an attacker to generate an altered message with the same hash value as the original message which makes it difficult to detect the change.
- Certificate Forgery − Digital certificates use SHA-1 to authenticate the authenticity of a website or service. However, due to the vulnerability to collision attacks, an attacker can generate a fake certificate with the same hash value as the authentic certificate.
Alternatives of SHA-1
- Due to SHA-1's weaknesses it is recommended to adopt stronger hash algorithms such as SHA-2 and SHA-3.
- SHA-2 is a set of hash algorithms that contains SHA-256, SHA-384, and SHA-512, which generate hash values of 256, 384, and 512 bits, respectively.
- SHA-2, which was created to replace SHA-1, is believed to be as far more secure. SHA-3 is a newer hash function developed by NIST in 2012 that creates hash values differently than SHA-2 does.
Best Practices
Since SHA-1 is vulnerable to attacks, some older programs and systems still use it. To minimise the risk of attacks in such situations, it is important that one sticks to best practices −
- Avoid applying SHA-1 for new applications and platforms − Go for stronger hash algorithms like SHA-2 and SHA-3.
- Upgrade legacy systems − If you continue to use SHA-1 in older systems, it is suggested that you switch to better hash algorithms as soon as possible.
- Use salted hashes − To improve password storage security, salted hashes add a random text (salt) to the password after hashing. This makes it considerably more challenging for attackers to break passwords using precomputed hash tables.
Advertisements