Questions tagged [sha]

Secure Hash Algorithm is a family of cryptographic hash functions published by NIST. This includes SHA-1, and the SHA-2 and SHA-3 families of functions.

There are three major families of algorithms that have been standardized by NIST under the name "Secure Hash Algorithm". Each family has a different construction from the others so that a practical attack on one family will not compromise the other families.

SHA-1 is a cryptographic hash function with an output size of 160 bits, standardized by NIST in 1995. SHA-1 is deprecated for cryptographic use. The first theoretical attacks were published in 2005. As of Jan 2017, TLS involving SHA-1 is no longer accepted by major browsers. The first public collision attack on SHA-1 was published on 23 February 2017 by Google.

SHA-2 is a family of cryptographic hash functions with output sizes ranging from 224 bits to 512 bits, standardized by NIST in 2001. SHA-2 hash functions are still considered secure for cryptographic use.

SHA-3 is a family of cryptographic hash functions with output sizes ranging from 224 bits to 512 bits, standardized by NIST in 2015. SHA-3 hash functions are still considered secure for cryptographic use. Organizations using SHA-2 are encouraged to also implement SHA-3 as a fallback in the event that an attack is discovered against SHA-2 and the industry needs to rapidly migrate away from SHA-2.

The above information was sourced from wikipedia.org/Secure_Hash_Algorithms.


Note that the SHA family of hash functions is designed to have efficient software and hardware implementations, and thus is not recommended for hashing passwords. Instead, use key derivation functions such as PBKDF2 or bcrypt, which are designed to be slow and thus hamper brute-force attacks against hashed passwords.

300 questions
91
votes
2 answers

What is the relationship between "SHA-2" and "SHA-256"

I'm confused on the difference between SHA-2 and SHA-256 and often hear them used interchangeably (which seems really wrong). I think SHA-2 a "family" of hash algorithms and SHA-256 a specific algorithm in that family. Is that correct? Can someone…
Mike B
73
votes
4 answers

Is SHA1 better than MD5 only because it generates a hash of 160 bits?

It is well known that SHA1 is recommended more than MD5 for hashing since MD5 is practically broken as a lot of collisions have been found. With the birthday attack, it is possible to get a collision in MD5 with 2^64 complexity and with 2^80 complexity…
sudhacker
70
votes
3 answers

Why is Google still using a sha1 certificate on its own site when they are phasing them out in Chrome?

Firefox dev tools shows that https://www.google.com is using a certificate signed with SHA1. Why is Google doing this when they are phasing out the certificate themselves? Shouldn't this only hurt Google's reputation and interests?
sgoblin
66
votes
1 answer

What are the implications of a SHA-1 collision being found?

Google have announced the discovery of a SHA-1 collision between two PDF files with distinct content. While SHA-1 hashes are no longer permitted for SSL/TLS certificate fingerprints, and other measures would prevent certificate fingerprints from…
Matthew
56
votes
5 answers

Is using bcrypt on existing SHA1 hashes good enough when switching password implementation?

I'm working on improving a CMS where the current implementation of storing password is just sha1(password). I explained to my boss that doing it that way is incredibly insecure, and told him that we should switch to bcrypt, and he agreed. My plan…
Alex
47
votes
3 answers

Is Git crowdsourcing cryptographic attacks?

A strong cryptographic hash makes collisions unlikely. Many cryptographic protocols build on that fact. But Git is using SHA-1 hashes as object identifiers. So there are a lot of already computed hashes out there in the public Git repositories of…
MvG
45
votes
3 answers

How safe are signed git tags? Only as safe as SHA-1 or somehow safer?

How safe are signed git tags? Especially because git uses SHA-1. There is contradictory information around. So if one verifies a git tag (git tag -v tagname), then checks out the tag, and checks that git status reports no untracked/modified files,…
adrelanos
36
votes
5 answers

Should I trust a website which uses a SHA-1 HTTPS certificate?

I am on a website where I need to pay for something. This website has the following warning in the top left: This site uses a weak security configuration (SHA-1 signatures) so your connection may not be private Should I go ahead and enter my…
User1
34
votes
4 answers

Does every hash value have an inverse value?

There are many different hash functions, md5, sha, and others. They take a value V and produce a H via transformation Function(V) = H, where Function is md5, sha, etc. My question is: Does every hash value H have a value V? For example, given md5…
bodacydo
29
votes
3 answers

Are there any known vulnerabilities in PPTP VPNs when configured properly?

PPTP is the only VPN protocol supported by some devices (for example, the Asus RT-AC66U WiFi router). If PPTP is configured to only use the most secure options, does its use present any security vulnerabilities? The most secure configuration of PPTP…
user34241
28
votes
4 answers

How secure is this hash-based personal password scheme?

I use a password scheme where I keep a small number of easy to remember personal passwords. Instead of using the passwords directly for each service, I run them through a hashing algorithm first, as a sort of a seed, together with the name of the…
bjaastad_e
27
votes
7 answers

Is sha1sum still secure for downloadable software packages signature?

We use sha1sum to calculate SHA-1 hash value of our packages. Clarification about the usage: We distribute some software packages, and we want users to be able to check that what they downloaded is the correct package, down to the last bit. The…
Michael
25
votes
3 answers

Is SHA1 weak for SSL?

I noticed that today after I scanned a site on the Qualys SSL Labs site that SSL ciphersuites which use SHA1 are now highlighted as being "Weak". It seems this has just happened; I scan sites pretty regularly and haven't seen this before. We have…
user53029
24
votes
5 answers

Does Rehashing a weak hash with a strong algorithm make it strong?

Imagine the following situation. We're making a web application which should be really safe. Now the accounts/users are not directly added by us but they receive a letter with a logincode. We get a file every now and then containing an unsalted SHA-1…
Jester
23
votes
9 answers

Deprecation of SHA1 code signing certificates on Windows

EDIT (7/7/2016) - see addition at the end of post I have been keenly following the issues with regards to Microsoft deprecating the use of SHA1 code-signing certificates for Windows executables…
Kevin