SHA-2
SHA-2 (Secure Hash Algorithm 2) is a set of cryptographic hash functions designed by the United States National Security Agency (NSA) and first published in 2001. They are built using the Merkle–Damgård construction, from a one-way compression function itself built using the Davies–Meyer structure from a specialized block cipher.
| Secure Hash Algorithms | |
|---|---|
| Concepts | |
| hash functions, SHA, DSA | |
| Main standards | |
| SHA-0, SHA-1, SHA-2, SHA-3 | |
| General | |
|---|---|
| Designers | National Security Agency |
| First published | 2001 |
| Series | (SHA-0), SHA-1, SHA-2, SHA-3 |
| Certification | FIPS PUB 180-4, CRYPTREC, NESSIE |
| Detail | |
| Digest sizes | 224, 256, 384, or 512 bits |
| Structure | Merkle–Damgård construction with Davies–Meyer compression function |
| Rounds | 64 or 80 |
| Best public cryptanalysis | |
| A 2011 attack breaks preimage resistance for 57 out of 80 rounds of SHA-512, and 52 out of 64 rounds for SHA-256.
Pseudo-collision attack against up to 46 rounds of SHA-256. SHA-256 and SHA-512 are prone to length extension attacks. By guessing the hidden part of the state, length extension attacks on SHA-224 and SHA-384 succeed with probability 2−(256−224) = 2−32 > 2−224 and 2−(512−384) = 2−128 > 2−384 respectively. | |
SHA-2 includes significant changes from its predecessor, SHA-1. The SHA-2 family consists of six hash functions with digests (hash values) that are 224, 256, 384 or 512 bits: SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256. SHA-256 and SHA-512 are novel hash functions computed with eight 32-bit and 64-bit words, respectively. They use different shift amounts and additive constants, but their structures are otherwise virtually identical, differing only in the number of rounds. SHA-224 and SHA-384 are truncated versions of SHA-256 and SHA-512 respectively, computed with different initial values. SHA-512/224 and SHA-512/256 are also truncated versions of SHA-512, but the initial values are generated using the method described in Federal Information Processing Standards (FIPS) PUB 180-4.
SHA-2 was first published by the National Institute of Standards and Technology (NIST) as a U.S. federal standard. The SHA-2 family of algorithms are patented in the U.S. The United States has released the patent under a royalty-free license.
As of 2011, the best public attacks break preimage resistance for 52 out of 64 rounds of SHA-256 or 57 out of 80 rounds of SHA-512, and collision resistance for 46 out of 64 rounds of SHA-256.