Questions tagged [sha-2]

SHA-2 is a family of cryptographic hash functions designed by the NSA and published by NIST in 2001. The family includes various output lengths (224, 256, 384, and 512 bits).

SHA-2 is a family of cryptographic hash functions hash, the de facto standard for current developments. It was originally published by NIST in 2001. It is based on a merkle-damgard construction. It is replacing the older SHA-1 sha-1 hash function and the even older MD5 md5.

The family comprises 6 functions with different output lengths.

SHA-256 sha256 and SHA-512 sha512 are the most commonly used hash functions. Their internal state and output size are both 256 for SHA-256 and both 512 for SHA-512. The algorithms are similar, but SHA-256 is expressed in terms of computations on 32-bit words while SHA-512 uses 64-bit words. SHA-512 has more rounds (80) than SHA-256 (64).
SHA-224 and SHA-384 are very similar to SHA-256 and SHA-512 respectively, but with output truncated to a smaller size, and different constants.
SHA-512/224 and SHA-512/256 (added in 2012) are truncated versions of SHA-512, also with different constants.

In 2012, NIST selected proposal for a SHA-3 sha-3 algorithm. Although SHA-3 was initially intended as a replacement for SHA-2, it is now planned that SHA-2 and SHA-3 will coexist.

External links

FIPS 180-4, the NIST Secure Hash Standard

139 questions

votes

3 answers

"SHA-256" vs "any 256 bits of SHA-512", which is more secure?

In terms of security strength, Is there any difference in using the SHA-256 algorithm vs using any random 256 bits of the output of the SHA-512 algorithm? Similarly, what is the security difference between using SHA-224 and using any random 224 bits…

hash sha-256 sha-2

asked Jul 06 '12 at 05:03

Pacerier

1,265
2
10
16

votes

2 answers

Are there any known collisions for the SHA (1 & 2) family of hash functions?

Are there any known collisions for the hash functions SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512? By that, I mean are there known values of $a$ and $b$ where $F(a) = F(b)$ and $a ≠ b$?

hash collision-resistance sha-1 sha-2

asked Jun 25 '12 at 17:35

Pacerier

1,265
2
10
16

votes

2 answers

HMAC-SHA1 vs HMAC-SHA256

I have three questions: Would you use HMAC-SHA1 or HMAC-SHA256 for message authentication? How much HMAC-SHA256 is slower than HMAC-SHA1? Are the security improvements of SHA256 (over SHA1) enough to justify its usage?

hash hmac sha-256 sha-1 sha-2

asked Apr 03 '14 at 23:48

Mario

votes

3 answers

Are common cryptographic hashes bijective when hashing a single block of the same size as the output?

It's been said that CRC-64 is bijective for a 64-bit block. It the corresponding statement true for typical cryptographic hashes, like MD5, SHA-1, SHA-2 or SHA-3? For example, would SHA-512 be bijective when hashing a single 512 bit block?

hash collision-resistance sha-2

asked Aug 03 '11 at 15:50

SDL

1,927
13
25

votes

4 answers

Assuming a 1024qb quantum computer, how long to brute force 1024bit RSA, 256bit AES and 512bit SHA512

Assuming in the future there was a functioning 1024 qubit quantum supercomputer and it could run Shor's algorithm or Grover's algorithm to crack encryption very quickly. I'm interested in how the number of qubits translates to performance…

rsa aes post-quantum-cryptography sha-2

asked Jul 30 '13 at 00:02

user7827

votes

1 answer

How are the functions used in cryptographic hash functions chosen?

I'm learning about cryptographic hash functions and I have some questions about the functions used in the compression function. MD5 uses the following functions: $f_{1}(B,C,D)=(B\wedge C)\lor(D\wedge \lnot B)$ $f_{2}(B,C,D)=(B\wedge…

algorithm-design sha-1 md5 sha-2

asked Nov 06 '16 at 17:01

Cartman123

votes

7 answers

Is calculating a hash code for a large file in parallel less secure than doing it sequentially?

I would like to improve the performance of hashing large files, say for example in the tens of gigabytes in size. Normally, you sequentially hash the bytes of the files using a hash function (say, for example SHA-256, although I will most likely use…

hash sha-256 collision-resistance sha-2

asked Aug 10 '11 at 19:56

Michael Goldshteyn

votes

1 answer

Why hashing twice?

I'm trying to understand the Bitcoin protocol, and sometimes see instructions like this: The TransactionId is defined by SHA256(SHA256(txbytes)) or The hash of the public key is generated by performing a SHA256 hash on the public key, and then…

hash sha-256 cryptocurrency sha-2 ripemd

asked Jul 10 '17 at 09:12

Timur Lemeshko

votes

2 answers

What's the difference between PBKDF and SHA and why use them together?

I've been reading a little bit about hashing lately and according to AgileBits, they use "SHA512 within PBKDF2" in their new vault file. I've looked in Wikipedia for both names and I know PBKDF2 is a key derivation function and SHA is a…

pbkdf-2 sha-2

asked May 12 '16 at 20:46

Danowsky

votes

3 answers

Why does the padding in Merkle–Damgård hash functions like MD5 contain the message length?

I understand the need for padding in MD5 and other hash algorithms such as SHA-1, SHA-256, SHA-384 and SHA-512. But why do we append the message length to the padding? I heard it strengthens the hash but how? Please provide an example if possible…

hash padding md5 sha-2 merkle-damgaard

asked Dec 08 '11 at 21:09

Ibrahim Najjar

votes

1 answer

Are there any well-known examples of SHA-256 collisions?

The popularity of SHA-256 as a hashing algorithm, along with the fact that it has 2256 buckets to choose from leads me to believe that collisions do exist but are quite rare. Are there any well-documented SHA-256 collisions? Or any well-known…

hash collision-resistance sha-256 sha-2

asked Oct 26 '17 at 20:51

Ari Sweedler

votes

2 answers

Does SHA-1024 hash exist?

Does SHA-1024 cryptographic hash function exist similarly to SHA-512? If not, what's the reason for that? Links: SHA-2 at Wikipedia SHA-3 at Wikipedia

hash reference-request sha-2

asked Aug 18 '14 at 13:18

kenorb

votes

4 answers

Does the SHA hash function always generate a fixed length hash?

I'm using the SHA1/2 family of algorithms for a particular project. I was wondering if all the SHA algorithms return a fixed length hash regardless of the length of the data.

sha-1 sha-2

asked Mar 20 '12 at 09:44

Robin Rodricks

votes

4 answers

Is SHA-256 secure as a CTR block cipher?

Generate a 256-bit random nonce. XOR it with a 256-bit reusable symmetric key. This is x. We represent numbers in simple binary instead of a counting function. 0 in dec = [256 zeros] in binary, 1 = [255 zeros]1, 23092348 = [241…

hash block-cipher sha-2 ctr

asked Jan 13 '12 at 17:17

Jordan

votes

3 answers

SHA-224 Purpose

One of the new features of Java 8 is the SHA-224 message digest. What is the use case for having a 224-bit-length hash?

sha-2

asked Mar 21 '14 at 10:09

user9070

2 3

…

9 10 Next