HomePage | Recent changes | View source | Discuss this page | Page history | Log in |

Printable version | Disclaimers | Privacy policy

SHA-1 (The Secure Hash Algorithm) is a cryptographic hash function (or message digest algorithm) designed by the National Security Agency (NSA) and published by the United States Government as a Federal Information Processing Standard. It produces an 160 bit hash value from a string of a maximum of 2^64 bits. It was released in support of the Government's attempt to control the export of quality encryption. It is a part of the Digital Signature Standard, also published by the US Government as a FIPS standard, which was intended to provide high quality authentication without the possibility of encryption. It turned out that encryption was possible, so the intended result was 'self-thwarted'. The original specification of this algorithm, commonly referred to as SHA, was withdrawn by NSA shortly after publication. The revised version, commonly referred to as SHA-1, was said, by NSA, to correct a flaw in the original algorithm which reduced its cryptographic security. NSA did not explain what the flaw was. Much later work by two French researchers has identified a flaw in the original SHA algorithm; it might, or might not, be the flaw NSA discovered. SHA-1 has been very closely examined by the public cryptographic community and no cryptographic insecurities have been yet found. It is recognised as quite secure by the cryptographic community. NSA has recently published three additional variants of SHA, each with longer hash lengths. These have not received as much scrutiny by the public community as SHA-1, and so their cryptographic security is open.

See also: RIPEMD-160, MD5.