# SHA

**SHA** is the **Secure Hash Algorithm** and specifies a family of one-way functions. **SHA** is standardized by NIST in FIPS 180-3, *Secure Hash Standard (SHS)*. SHA-0 is the original 160-bit hash which was found to be defective by the NSA. SHA-1 is the revised version of SHA-0 which many typically use when a hash is needed. SHA-2 refers to a collection of hashes: SHA-224, SHA-256, SHA-384, and SHA-512.

The security level of SHA-1 has been reduced to approximately $2^{60}$. The best publicly available cryptanalysis result is a 2011 attack by Marc Stevens that can produce hash collisions with a complexity of $2^{61}$ operations; see *hashclash - Framework for MD5 & SHA-1 Differential Path Construction and Chosen-Prefix Collisions*.

SHA-1 is no longer recommended by NIST for use in digital signatures in the Federal arena. See *SP 800-57, Recommendation for Key Management*, Table 3 on page 64. Use the SHA-2 or SHA-3 family instead.

## Crypto++ Validation

Crypto++'s `fipstest.cpp` test file performs SHA validation in function `SecureHashKnownAnswerTest`.

## SHA-3 and FIPS 202

If you need a SHA-3 implementation consistent with FIPS Publication 202 and the extended output functions, make the following change:

diff sha3.cpp ../cryptopp_563_rc4/sha3.cpp: 277c277 < m_state.BytePtr()[m_counter] ^= 6; --- > m_state.BytePtr()[m_counter] ^= 1;
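
Review bot: on line 277 the operands are given patched-file-first (`diff sha3.cpp ../cryptopp_563_rc4/sha3.cpp`), so the `<` line with `^= 6` is the one to apply and the `>` line with `^= 1` is the 5.6.3 rc4 original; regenerating the diff with the original file as the first operand would remove that ambiguity. The bare literal also deserves a comment or a named constant at that line, since `6` is the FIPS 202 SHA-3 padding byte (domain-separation bits plus the first padding bit) and `1` is the original Keccak padding byte, and a reader cannot tell that from the line itself.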

See Jeff Marrison's post, *SHA3/Keccak FIPS202 one-liner fixup*.
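
To check which padding a given build uses, compare its digest of a known message against both variants. The following is an added example, not Crypto++ code and not code from the linked post: a self-contained Keccak sponge (rate 136 bytes, 256-bit output) whose padding byte is a parameter, so the effect of the constant on line 277 can be seen directly. The names `sponge256_hex` and `keccak_f1600` are chosen here for illustration.

```cpp
// Added example, not Crypto++ code; sponge256_hex() and keccak_f1600() are illustrative names.
#include <cstdint>
#include <cstdio>
#include <string>

static uint64_t rol(uint64_t v, unsigned n) { n %= 64; return n ? (v << n) | (v >> (64 - n)) : v; }
static void keccak_f1600(uint64_t a[25]) {  // Keccak-f[1600], lanes stored as a[x + 5*y]
    unsigned lfsr = 1;  // LFSR that generates the iota round constants
    for (int round = 0; round < 24; ++round) {
        uint64_t c[5], row[5];
        for (int i = 0; i < 5; ++i) c[i] = a[i] ^ a[i + 5] ^ a[i + 10] ^ a[i + 15] ^ a[i + 20];
        for (int i = 0; i < 25; ++i) a[i] ^= c[(i + 4) % 5] ^ rol(c[(i + 1) % 5], 1);  // theta
        uint64_t cur = a[1];
        for (unsigned t = 0, x = 1, y = 0; t < 24; ++t) {  // rho and pi
            unsigned ny = (2 * x + 3 * y) % 5; x = y; y = ny;
            uint64_t next = a[x + 5 * y];
            a[x + 5 * y] = rol(cur, (t + 1) * (t + 2) / 2);
            cur = next;
        }
        for (int r = 0; r < 25; r += 5) {  // chi, one row of five lanes at a time
            for (int i = 0; i < 5; ++i) row[i] = a[r + i];
            for (int i = 0; i < 5; ++i) a[r + i] = row[i] ^ (~row[(i + 1) % 5] & row[(i + 2) % 5]);
        }
        for (int j = 0; j < 7; ++j) {  // iota
            lfsr = ((lfsr << 1) ^ ((lfsr >> 7) * 0x71)) & 0xFF;
            if (lfsr & 2) a[0] ^= 1ULL << ((1u << j) - 1);
        }
    }
}

// 256-bit hex digest; pad is the constant the diff changes (0x01 original Keccak, 0x06 FIPS 202).
std::string sponge256_hex(const std::string& msg, uint8_t pad) {
    const size_t rate = 136;
    std::string buf = msg + static_cast<char>(pad);
    buf.resize((buf.size() + rate - 1) / rate * rate, '\0');
    buf.back() = static_cast<char>(buf.back() ^ 0x80);  // final padding bit
    uint64_t a[25] = {0};
    for (size_t off = 0; off < buf.size(); off += rate) {
        for (size_t i = 0; i < rate; ++i)  // XOR the block into little-endian lanes
            a[i / 8] ^= static_cast<uint64_t>(static_cast<uint8_t>(buf[off + i])) << (8 * (i % 8));
        keccak_f1600(a);
    }
    char hex[65];
    for (int i = 0; i < 32; ++i)
        std::snprintf(hex + 2 * i, 3, "%02x", static_cast<unsigned>((a[i / 8] >> (8 * (i % 8))) & 0xFF));
    return std::string(hex, 64);
}

int main() { std::printf("%s\n%s\n", sponge256_hex("", 0x01).c_str(), sponge256_hex("", 0x06).c_str()); }
```

If a library's SHA3-256 of the empty message matches the `0x01` line rather than the `0x06` line, it implements the original Keccak padding and not FIPS 202.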