From Crypto++ Wiki

SHA is the Secure Hash Algorithm and specifies a family of one-way functions. SHA is standardized by NIST in FIPS 180-3, Secure Hash Standard (SHS). SHA-0 is the original 160-bit hash which was found to be defective by the NSA. SHA-1 is the revised version of SHA-0 which many typically use when a hash is needed. SHA-2 refers to a collection of hashes: SHA-224, SHA-256, SHA-384, and SHA-512.

The security level of SHA-1 has been reduced to approximately 2^60. The best publicly available cryptanalysis result is a 2011 attack by Marc Stevens that can produce hash collisions with a complexity of 2^61 operations; see hashclash - Framework for MD5 & SHA-1 Differential Path Construction and Chosen-Prefix Collisions.

SHA-1 is no longer recommended by NIST for use in digital signatures in the Federal arena. See SP 800-57, Recommendation for Key Management, Table 3 on page 64. You should use the SHA-2 or SHA-3 family, instead.

Crypto++ Validation

Crypto++'s fipstest.cpp test file performs SHA validation in function SecureHashKnownAnswerTest.

SHA-3 and FIPS 202

If you need a SHA-3 implementation consistent with FIPS Publication 202 and the extended output functions, then make the following change to sha3.cpp:

diff sha3.cpp ../cryptopp_563_rc4/sha3.cpp:
< 	m_state.BytePtr()[m_counter] ^= 6;
> 	m_state.BytePtr()[m_counter] ^= 1;
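Review bot: the `^= 6` line replaces one bare literal with another and gives no comment on what the byte is, so the next reader cannot tell that this is the padding value or why it differs from the `^= 1` in the cryptopp_563_rc4 copy; add a comment or a named constant on that line. Given the argument order of the diff command, the `<` line belongs to the local sha3.cpp, so `^= 6` is the value to keep. The change alters every digest the class produces, so it should land together with updated known-answer vectors.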

See Jeff Marrison's post at SHA3/Keccak FIPS202 one-liner fixup.

Sample Program