CINXE.COM
SHA-1 - Wikipedia
<!DOCTYPE html> <html class="client-nojs vector-feature-language-in-header-enabled vector-feature-language-in-main-page-header-disabled vector-feature-sticky-header-disabled vector-feature-page-tools-pinned-disabled vector-feature-toc-pinned-clientpref-1 vector-feature-main-menu-pinned-disabled vector-feature-limited-width-clientpref-1 vector-feature-limited-width-content-enabled vector-feature-custom-font-size-clientpref-1 vector-feature-appearance-pinned-clientpref-1 vector-feature-night-mode-enabled skin-theme-clientpref-day vector-toc-available" lang="en" dir="ltr"> <head> <meta charset="UTF-8"> <title>SHA-1 - Wikipedia</title> <script>(function(){var className="client-js vector-feature-language-in-header-enabled vector-feature-language-in-main-page-header-disabled vector-feature-sticky-header-disabled vector-feature-page-tools-pinned-disabled vector-feature-toc-pinned-clientpref-1 vector-feature-main-menu-pinned-disabled vector-feature-limited-width-clientpref-1 vector-feature-limited-width-content-enabled vector-feature-custom-font-size-clientpref-1 vector-feature-appearance-pinned-clientpref-1 vector-feature-night-mode-enabled skin-theme-clientpref-day vector-toc-available";var cookie=document.cookie.match(/(?:^|; )enwikimwclientpreferences=([^;]+)/);if(cookie){cookie[1].split('%2C').forEach(function(pref){className=className.replace(new RegExp('(^| )'+pref.replace(/-clientpref-\w+$|[^\w-]+/g,'')+'-clientpref-\\w+( |$)'),'$1'+pref+'$2');});}document.documentElement.className=className;}());RLCONF={"wgBreakFrames":false,"wgSeparatorTransformTable":["",""],"wgDigitTransformTable":["",""],"wgDefaultDateFormat":"dmy", "wgMonthNames":["","January","February","March","April","May","June","July","August","September","October","November","December"],"wgRequestId":"08d8bdae-f3b1-4279-87a9-7b01bf2ba67a","wgCanonicalNamespace":"","wgCanonicalSpecialPageName":false,"wgNamespaceNumber":0,"wgPageName":"SHA-1","wgTitle":"SHA-1","wgCurRevisionId":1252305876,"wgRevisionId":1252305876,"wgArticleId":26672,"wgIsArticle":true,"wgIsRedirect":false,"wgAction":"view","wgUserName":null,"wgUserGroups":["*"],"wgCategories":["Webarchive template wayback links","Articles with short description","Short description matches Wikidata","Articles containing potentially dated statements from 2020","All articles containing potentially dated statements","All articles with specifically marked weasel-worded phrases","Articles with specifically marked weasel-worded phrases from September 2015","Articles containing potentially dated statements from 2013","All articles with dead external links", "Articles with dead external links from April 2018","Articles with permanently dead external links","Articles with example pseudocode","Cryptographic hash functions","Broken hash functions","Checksum algorithms","National Security Agency cryptography"],"wgPageViewLanguage":"en","wgPageContentLanguage":"en","wgPageContentModel":"wikitext","wgRelevantPageName":"SHA-1","wgRelevantArticleId":26672,"wgIsProbablyEditable":true,"wgRelevantPageIsProbablyEditable":true,"wgRestrictionEdit":[],"wgRestrictionMove":[],"wgNoticeProject":"wikipedia","wgCiteReferencePreviewsActive":false,"wgFlaggedRevsParams":{"tags":{"status":{"levels":1}}},"wgMediaViewerOnClick":true,"wgMediaViewerEnabledByDefault":true,"wgPopupsFlags":0,"wgVisualEditor":{"pageLanguageCode":"en","pageLanguageDir":"ltr","pageVariantFallbacks":"en"},"wgMFDisplayWikibaseDescriptions":{"search":true,"watchlist":true,"tagline":false,"nearby":true},"wgWMESchemaEditAttemptStepOversample":false,"wgWMEPageLength":50000, "wgRelatedArticlesCompat":[],"wgCentralAuthMobileDomain":false,"wgEditSubmitButtonLabelPublish":true,"wgULSPosition":"interlanguage","wgULSisCompactLinksEnabled":false,"wgVector2022LanguageInHeader":true,"wgULSisLanguageSelectorEmpty":false,"wgWikibaseItemId":"Q13414952","wgCheckUserClientHintsHeadersJsApi":["brands","architecture","bitness","fullVersionList","mobile","model","platform","platformVersion"],"GEHomepageSuggestedEditsEnableTopics":true,"wgGETopicsMatchModeEnabled":false,"wgGEStructuredTaskRejectionReasonTextInputEnabled":false,"wgGELevelingUpEnabledForUser":false};RLSTATE={"ext.globalCssJs.user.styles":"ready","site.styles":"ready","user.styles":"ready","ext.globalCssJs.user":"ready","user":"ready","user.options":"loading","ext.cite.styles":"ready","ext.math.styles":"ready","skins.vector.search.codex.styles":"ready","skins.vector.styles":"ready","skins.vector.icons":"ready","jquery.makeCollapsible.styles":"ready","ext.wikimediamessages.styles":"ready", "ext.visualEditor.desktopArticleTarget.noscript":"ready","ext.uls.interlanguage":"ready","wikibase.client.init":"ready","ext.wikimediaBadges":"ready"};RLPAGEMODULES=["ext.cite.ux-enhancements","mediawiki.page.media","site","mediawiki.page.ready","jquery.makeCollapsible","mediawiki.toc","skins.vector.js","ext.centralNotice.geoIP","ext.centralNotice.startUp","ext.gadget.ReferenceTooltips","ext.gadget.switcher","ext.urlShortener.toolbar","ext.centralauth.centralautologin","mmv.bootstrap","ext.popups","ext.visualEditor.desktopArticleTarget.init","ext.visualEditor.targetLoader","ext.echo.centralauth","ext.eventLogging","ext.wikimediaEvents","ext.navigationTiming","ext.uls.interface","ext.cx.eventlogging.campaigns","ext.cx.uls.quick.actions","wikibase.client.vector-2022","ext.checkUser.clientHints","ext.growthExperiments.SuggestedEditSession","wikibase.sidebar.tracking"];</script> <script>(RLQ=window.RLQ||[]).push(function(){mw.loader.impl(function(){return["user.options@12s5i",function($,jQuery,require,module){mw.user.tokens.set({"patrolToken":"+\\","watchToken":"+\\","csrfToken":"+\\"}); }];});});</script> <link rel="stylesheet" href="/w/load.php?lang=en&modules=ext.cite.styles%7Cext.math.styles%7Cext.uls.interlanguage%7Cext.visualEditor.desktopArticleTarget.noscript%7Cext.wikimediaBadges%7Cext.wikimediamessages.styles%7Cjquery.makeCollapsible.styles%7Cskins.vector.icons%2Cstyles%7Cskins.vector.search.codex.styles%7Cwikibase.client.init&only=styles&skin=vector-2022"> <script async="" src="/w/load.php?lang=en&modules=startup&only=scripts&raw=1&skin=vector-2022"></script> <meta name="ResourceLoaderDynamicStyles" content=""> <link rel="stylesheet" href="/w/load.php?lang=en&modules=site.styles&only=styles&skin=vector-2022"> <meta name="generator" content="MediaWiki 1.44.0-wmf.4"> <meta name="referrer" content="origin"> <meta name="referrer" content="origin-when-cross-origin"> <meta name="robots" content="max-image-preview:standard"> <meta name="format-detection" content="telephone=no"> <meta name="viewport" content="width=1120"> <meta property="og:title" content="SHA-1 - Wikipedia"> <meta property="og:type" content="website"> <link rel="preconnect" href="//upload.wikimedia.org"> <link rel="alternate" media="only screen and (max-width: 640px)" href="//en.m.wikipedia.org/wiki/SHA-1"> <link rel="alternate" type="application/x-wiki" title="Edit this page" href="/w/index.php?title=SHA-1&action=edit"> <link rel="apple-touch-icon" href="/static/apple-touch/wikipedia.png"> <link rel="icon" href="/static/favicon/wikipedia.ico"> <link rel="search" type="application/opensearchdescription+xml" href="/w/rest.php/v1/search" title="Wikipedia (en)"> <link rel="EditURI" type="application/rsd+xml" href="//en.wikipedia.org/w/api.php?action=rsd"> <link rel="canonical" href="https://en.wikipedia.org/wiki/SHA-1"> <link rel="license" href="https://creativecommons.org/licenses/by-sa/4.0/deed.en"> <link rel="alternate" type="application/atom+xml" title="Wikipedia Atom feed" href="/w/index.php?title=Special:RecentChanges&feed=atom"> <link rel="dns-prefetch" href="//meta.wikimedia.org" /> <link rel="dns-prefetch" href="//login.wikimedia.org"> </head> <body class="skin--responsive skin-vector skin-vector-search-vue mediawiki ltr sitedir-ltr mw-hide-empty-elt ns-0 ns-subject mw-editable page-SHA-1 rootpage-SHA-1 skin-vector-2022 action-view"><a class="mw-jump-link" href="#bodyContent">Jump to content</a> <div class="vector-header-container"> <header class="vector-header mw-header"> <div class="vector-header-start"> <nav class="vector-main-menu-landmark" aria-label="Site"> <div id="vector-main-menu-dropdown" class="vector-dropdown vector-main-menu-dropdown vector-button-flush-left vector-button-flush-right" > <input type="checkbox" id="vector-main-menu-dropdown-checkbox" role="button" aria-haspopup="true" data-event-name="ui.dropdown-vector-main-menu-dropdown" class="vector-dropdown-checkbox " aria-label="Main menu" > <label id="vector-main-menu-dropdown-label" for="vector-main-menu-dropdown-checkbox" class="vector-dropdown-label cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--icon-only " aria-hidden="true" ><span class="vector-icon mw-ui-icon-menu mw-ui-icon-wikimedia-menu"></span> <span class="vector-dropdown-label-text">Main menu</span> </label> <div class="vector-dropdown-content"> <div id="vector-main-menu-unpinned-container" class="vector-unpinned-container"> <div id="vector-main-menu" class="vector-main-menu vector-pinnable-element"> <div class="vector-pinnable-header vector-main-menu-pinnable-header vector-pinnable-header-unpinned" data-feature-name="main-menu-pinned" data-pinnable-element-id="vector-main-menu" data-pinned-container-id="vector-main-menu-pinned-container" data-unpinned-container-id="vector-main-menu-unpinned-container" > <div class="vector-pinnable-header-label">Main menu</div> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-pin-button" data-event-name="pinnable-header.vector-main-menu.pin">move to sidebar</button> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-unpin-button" data-event-name="pinnable-header.vector-main-menu.unpin">hide</button> </div> <div id="p-navigation" class="vector-menu mw-portlet mw-portlet-navigation" > <div class="vector-menu-heading"> Navigation </div> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="n-mainpage-description" class="mw-list-item"><a href="/wiki/Main_Page" title="Visit the main page [z]" accesskey="z"><span>Main page</span></a></li><li id="n-contents" class="mw-list-item"><a href="/wiki/Wikipedia:Contents" title="Guides to browsing Wikipedia"><span>Contents</span></a></li><li id="n-currentevents" class="mw-list-item"><a href="/wiki/Portal:Current_events" title="Articles related to current events"><span>Current events</span></a></li><li id="n-randompage" class="mw-list-item"><a href="/wiki/Special:Random" title="Visit a randomly selected article [x]" accesskey="x"><span>Random article</span></a></li><li id="n-aboutsite" class="mw-list-item"><a href="/wiki/Wikipedia:About" title="Learn about Wikipedia and how it works"><span>About Wikipedia</span></a></li><li id="n-contactpage" class="mw-list-item"><a href="//en.wikipedia.org/wiki/Wikipedia:Contact_us" title="How to contact Wikipedia"><span>Contact us</span></a></li> </ul> </div> </div> <div id="p-interaction" class="vector-menu mw-portlet mw-portlet-interaction" > <div class="vector-menu-heading"> Contribute </div> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="n-help" class="mw-list-item"><a href="/wiki/Help:Contents" title="Guidance on how to use and edit Wikipedia"><span>Help</span></a></li><li id="n-introduction" class="mw-list-item"><a href="/wiki/Help:Introduction" title="Learn how to edit Wikipedia"><span>Learn to edit</span></a></li><li id="n-portal" class="mw-list-item"><a href="/wiki/Wikipedia:Community_portal" title="The hub for editors"><span>Community portal</span></a></li><li id="n-recentchanges" class="mw-list-item"><a href="/wiki/Special:RecentChanges" title="A list of recent changes to Wikipedia [r]" accesskey="r"><span>Recent changes</span></a></li><li id="n-upload" class="mw-list-item"><a href="/wiki/Wikipedia:File_upload_wizard" title="Add images or other media for use on Wikipedia"><span>Upload file</span></a></li> </ul> </div> </div> </div> </div> </div> </div> </nav> <a href="/wiki/Main_Page" class="mw-logo"> <img class="mw-logo-icon" src="/static/images/icons/wikipedia.png" alt="" aria-hidden="true" height="50" width="50"> <span class="mw-logo-container skin-invert"> <img class="mw-logo-wordmark" alt="Wikipedia" src="/static/images/mobile/copyright/wikipedia-wordmark-en.svg" style="width: 7.5em; height: 1.125em;"> <img class="mw-logo-tagline" alt="The Free Encyclopedia" src="/static/images/mobile/copyright/wikipedia-tagline-en.svg" width="117" height="13" style="width: 7.3125em; height: 0.8125em;"> </span> </a> </div> <div class="vector-header-end"> <div id="p-search" role="search" class="vector-search-box-vue vector-search-box-collapses vector-search-box-show-thumbnail vector-search-box-auto-expand-width vector-search-box"> <a href="/wiki/Special:Search" class="cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--icon-only search-toggle" title="Search Wikipedia [f]" accesskey="f"><span class="vector-icon mw-ui-icon-search mw-ui-icon-wikimedia-search"></span> <span>Search</span> </a> <div class="vector-typeahead-search-container"> <div class="cdx-typeahead-search cdx-typeahead-search--show-thumbnail cdx-typeahead-search--auto-expand-width"> <form action="/w/index.php" id="searchform" class="cdx-search-input cdx-search-input--has-end-button"> <div id="simpleSearch" class="cdx-search-input__input-wrapper" data-search-loc="header-moved"> <div class="cdx-text-input cdx-text-input--has-start-icon"> <input class="cdx-text-input__input" type="search" name="search" placeholder="Search Wikipedia" aria-label="Search Wikipedia" autocapitalize="sentences" title="Search Wikipedia [f]" accesskey="f" id="searchInput" > <span class="cdx-text-input__icon cdx-text-input__start-icon"></span> </div> <input type="hidden" name="title" value="Special:Search"> </div> <button class="cdx-button cdx-search-input__end-button">Search</button> </form> </div> </div> </div> <nav class="vector-user-links vector-user-links-wide" aria-label="Personal tools"> <div class="vector-user-links-main"> <div id="p-vector-user-menu-preferences" class="vector-menu mw-portlet emptyPortlet" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> </ul> </div> </div> <div id="p-vector-user-menu-userpage" class="vector-menu mw-portlet emptyPortlet" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> </ul> </div> </div> <nav class="vector-appearance-landmark" aria-label="Appearance"> <div id="vector-appearance-dropdown" class="vector-dropdown " title="Change the appearance of the page's font size, width, and color" > <input type="checkbox" id="vector-appearance-dropdown-checkbox" role="button" aria-haspopup="true" data-event-name="ui.dropdown-vector-appearance-dropdown" class="vector-dropdown-checkbox " aria-label="Appearance" > <label id="vector-appearance-dropdown-label" for="vector-appearance-dropdown-checkbox" class="vector-dropdown-label cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--icon-only " aria-hidden="true" ><span class="vector-icon mw-ui-icon-appearance mw-ui-icon-wikimedia-appearance"></span> <span class="vector-dropdown-label-text">Appearance</span> </label> <div class="vector-dropdown-content"> <div id="vector-appearance-unpinned-container" class="vector-unpinned-container"> </div> </div> </div> </nav> <div id="p-vector-user-menu-notifications" class="vector-menu mw-portlet emptyPortlet" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> </ul> </div> </div> <div id="p-vector-user-menu-overflow" class="vector-menu mw-portlet" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="pt-sitesupport-2" class="user-links-collapsible-item mw-list-item user-links-collapsible-item"><a data-mw="interface" href="https://donate.wikimedia.org/wiki/Special:FundraiserRedirector?utm_source=donate&utm_medium=sidebar&utm_campaign=C13_en.wikipedia.org&uselang=en" class=""><span>Donate</span></a> </li> <li id="pt-createaccount-2" class="user-links-collapsible-item mw-list-item user-links-collapsible-item"><a data-mw="interface" href="/w/index.php?title=Special:CreateAccount&returnto=SHA-1" title="You are encouraged to create an account and log in; however, it is not mandatory" class=""><span>Create account</span></a> </li> <li id="pt-login-2" class="user-links-collapsible-item mw-list-item user-links-collapsible-item"><a data-mw="interface" href="/w/index.php?title=Special:UserLogin&returnto=SHA-1" title="You're encouraged to log in; however, it's not mandatory. [o]" accesskey="o" class=""><span>Log in</span></a> </li> </ul> </div> </div> </div> <div id="vector-user-links-dropdown" class="vector-dropdown vector-user-menu vector-button-flush-right vector-user-menu-logged-out" title="Log in and more options" > <input type="checkbox" id="vector-user-links-dropdown-checkbox" role="button" aria-haspopup="true" data-event-name="ui.dropdown-vector-user-links-dropdown" class="vector-dropdown-checkbox " aria-label="Personal tools" > <label id="vector-user-links-dropdown-label" for="vector-user-links-dropdown-checkbox" class="vector-dropdown-label cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--icon-only " aria-hidden="true" ><span class="vector-icon mw-ui-icon-ellipsis mw-ui-icon-wikimedia-ellipsis"></span> <span class="vector-dropdown-label-text">Personal tools</span> </label> <div class="vector-dropdown-content"> <div id="p-personal" class="vector-menu mw-portlet mw-portlet-personal user-links-collapsible-item" title="User menu" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="pt-sitesupport" class="user-links-collapsible-item mw-list-item"><a href="https://donate.wikimedia.org/wiki/Special:FundraiserRedirector?utm_source=donate&utm_medium=sidebar&utm_campaign=C13_en.wikipedia.org&uselang=en"><span>Donate</span></a></li><li id="pt-createaccount" class="user-links-collapsible-item mw-list-item"><a href="/w/index.php?title=Special:CreateAccount&returnto=SHA-1" title="You are encouraged to create an account and log in; however, it is not mandatory"><span class="vector-icon mw-ui-icon-userAdd mw-ui-icon-wikimedia-userAdd"></span> <span>Create account</span></a></li><li id="pt-login" class="user-links-collapsible-item mw-list-item"><a href="/w/index.php?title=Special:UserLogin&returnto=SHA-1" title="You're encouraged to log in; however, it's not mandatory. [o]" accesskey="o"><span class="vector-icon mw-ui-icon-logIn mw-ui-icon-wikimedia-logIn"></span> <span>Log in</span></a></li> </ul> </div> </div> <div id="p-user-menu-anon-editor" class="vector-menu mw-portlet mw-portlet-user-menu-anon-editor" > <div class="vector-menu-heading"> Pages for logged out editors <a href="/wiki/Help:Introduction" aria-label="Learn more about editing"><span>learn more</span></a> </div> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="pt-anoncontribs" class="mw-list-item"><a href="/wiki/Special:MyContributions" title="A list of edits made from this IP address [y]" accesskey="y"><span>Contributions</span></a></li><li id="pt-anontalk" class="mw-list-item"><a href="/wiki/Special:MyTalk" title="Discussion about edits from this IP address [n]" accesskey="n"><span>Talk</span></a></li> </ul> </div> </div> </div> </div> </nav> </div> </header> </div> <div class="mw-page-container"> <div class="mw-page-container-inner"> <div class="vector-sitenotice-container"> <div id="siteNotice"><!-- CentralNotice --></div> </div> <div class="vector-column-start"> <div class="vector-main-menu-container"> <div id="mw-navigation"> <nav id="mw-panel" class="vector-main-menu-landmark" aria-label="Site"> <div id="vector-main-menu-pinned-container" class="vector-pinned-container"> </div> </nav> </div> </div> <div class="vector-sticky-pinned-container"> <nav id="mw-panel-toc" aria-label="Contents" data-event-name="ui.sidebar-toc" class="mw-table-of-contents-container vector-toc-landmark"> <div id="vector-toc-pinned-container" class="vector-pinned-container"> <div id="vector-toc" class="vector-toc vector-pinnable-element"> <div class="vector-pinnable-header vector-toc-pinnable-header vector-pinnable-header-pinned" data-feature-name="toc-pinned" data-pinnable-element-id="vector-toc" > <h2 class="vector-pinnable-header-label">Contents</h2> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-pin-button" data-event-name="pinnable-header.vector-toc.pin">move to sidebar</button> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-unpin-button" data-event-name="pinnable-header.vector-toc.unpin">hide</button> </div> <ul class="vector-toc-contents" id="mw-panel-toc-list"> <li id="toc-mw-content-text" class="vector-toc-list-item vector-toc-level-1"> <a href="#" class="vector-toc-link"> <div class="vector-toc-text">(Top)</div> </a> </li> <li id="toc-Development" class="vector-toc-list-item vector-toc-level-1 vector-toc-list-item-expanded"> <a class="vector-toc-link" href="#Development"> <div class="vector-toc-text"> <span class="vector-toc-numb">1</span> <span>Development</span> </div> </a> <ul id="toc-Development-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-Applications" class="vector-toc-list-item vector-toc-level-1 vector-toc-list-item-expanded"> <a class="vector-toc-link" href="#Applications"> <div class="vector-toc-text"> <span class="vector-toc-numb">2</span> <span>Applications</span> </div> </a> <button aria-controls="toc-Applications-sublist" class="cdx-button cdx-button--weight-quiet cdx-button--icon-only vector-toc-toggle"> <span class="vector-icon mw-ui-icon-wikimedia-expand"></span> <span>Toggle Applications subsection</span> </button> <ul id="toc-Applications-sublist" class="vector-toc-list"> <li id="toc-Cryptography" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#Cryptography"> <div class="vector-toc-text"> <span class="vector-toc-numb">2.1</span> <span>Cryptography</span> </div> </a> <ul id="toc-Cryptography-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-Data_integrity" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#Data_integrity"> <div class="vector-toc-text"> <span class="vector-toc-numb">2.2</span> <span>Data integrity</span> </div> </a> <ul id="toc-Data_integrity-sublist" class="vector-toc-list"> </ul> </li> </ul> </li> <li id="toc-Cryptanalysis_and_validation" class="vector-toc-list-item vector-toc-level-1 vector-toc-list-item-expanded"> <a class="vector-toc-link" href="#Cryptanalysis_and_validation"> <div class="vector-toc-text"> <span class="vector-toc-numb">3</span> <span>Cryptanalysis and validation</span> </div> </a> <button aria-controls="toc-Cryptanalysis_and_validation-sublist" class="cdx-button cdx-button--weight-quiet cdx-button--icon-only vector-toc-toggle"> <span class="vector-icon mw-ui-icon-wikimedia-expand"></span> <span>Toggle Cryptanalysis and validation subsection</span> </button> <ul id="toc-Cryptanalysis_and_validation-sublist" class="vector-toc-list"> <li id="toc-SHA-0" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#SHA-0"> <div class="vector-toc-text"> <span class="vector-toc-numb">3.1</span> <span>SHA-0</span> </div> </a> <ul id="toc-SHA-0-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-Attacks" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#Attacks"> <div class="vector-toc-text"> <span class="vector-toc-numb">3.2</span> <span>Attacks</span> </div> </a> <ul id="toc-Attacks-sublist" class="vector-toc-list"> <li id="toc-The_SHAppening" class="vector-toc-list-item vector-toc-level-3"> <a class="vector-toc-link" href="#The_SHAppening"> <div class="vector-toc-text"> <span class="vector-toc-numb">3.2.1</span> <span>The SHAppening</span> </div> </a> <ul id="toc-The_SHAppening-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-SHAttered_–_first_public_collision" class="vector-toc-list-item vector-toc-level-3"> <a class="vector-toc-link" href="#SHAttered_–_first_public_collision"> <div class="vector-toc-text"> <span class="vector-toc-numb">3.2.2</span> <span>SHAttered – first public collision</span> </div> </a> <ul id="toc-SHAttered_–_first_public_collision-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-Birthday-Near-Collision_Attack_–_first_practical_chosen-prefix_attack" class="vector-toc-list-item vector-toc-level-3"> <a class="vector-toc-link" href="#Birthday-Near-Collision_Attack_–_first_practical_chosen-prefix_attack"> <div class="vector-toc-text"> <span class="vector-toc-numb">3.2.3</span> <span>Birthday-Near-Collision Attack – first practical chosen-prefix attack</span> </div> </a> <ul id="toc-Birthday-Near-Collision_Attack_–_first_practical_chosen-prefix_attack-sublist" class="vector-toc-list"> </ul> </li> </ul> </li> <li id="toc-Official_validation" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#Official_validation"> <div class="vector-toc-text"> <span class="vector-toc-numb">3.3</span> <span>Official validation</span> </div> </a> <ul id="toc-Official_validation-sublist" class="vector-toc-list"> </ul> </li> </ul> </li> <li id="toc-Examples_and_pseudocode" class="vector-toc-list-item vector-toc-level-1 vector-toc-list-item-expanded"> <a class="vector-toc-link" href="#Examples_and_pseudocode"> <div class="vector-toc-text"> <span class="vector-toc-numb">4</span> <span>Examples and pseudocode</span> </div> </a> <button aria-controls="toc-Examples_and_pseudocode-sublist" class="cdx-button cdx-button--weight-quiet cdx-button--icon-only vector-toc-toggle"> <span class="vector-icon mw-ui-icon-wikimedia-expand"></span> <span>Toggle Examples and pseudocode subsection</span> </button> <ul id="toc-Examples_and_pseudocode-sublist" class="vector-toc-list"> <li id="toc-Example_hashes" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#Example_hashes"> <div class="vector-toc-text"> <span class="vector-toc-numb">4.1</span> <span>Example hashes</span> </div> </a> <ul id="toc-Example_hashes-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-SHA-1_pseudocode" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#SHA-1_pseudocode"> <div class="vector-toc-text"> <span class="vector-toc-numb">4.2</span> <span>SHA-1 pseudocode</span> </div> </a> <ul id="toc-SHA-1_pseudocode-sublist" class="vector-toc-list"> </ul> </li> </ul> </li> <li id="toc-Comparison_of_SHA_functions" class="vector-toc-list-item vector-toc-level-1 vector-toc-list-item-expanded"> <a class="vector-toc-link" href="#Comparison_of_SHA_functions"> <div class="vector-toc-text"> <span class="vector-toc-numb">5</span> <span>Comparison of SHA functions</span> </div> </a> <ul id="toc-Comparison_of_SHA_functions-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-Implementations" class="vector-toc-list-item vector-toc-level-1 vector-toc-list-item-expanded"> <a class="vector-toc-link" href="#Implementations"> <div class="vector-toc-text"> <span class="vector-toc-numb">6</span> <span>Implementations</span> </div> </a> <button aria-controls="toc-Implementations-sublist" class="cdx-button cdx-button--weight-quiet cdx-button--icon-only vector-toc-toggle"> <span class="vector-icon mw-ui-icon-wikimedia-expand"></span> <span>Toggle Implementations subsection</span> </button> <ul id="toc-Implementations-sublist" class="vector-toc-list"> <li id="toc-Collision_countermeasure" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#Collision_countermeasure"> <div class="vector-toc-text"> <span class="vector-toc-numb">6.1</span> <span>Collision countermeasure</span> </div> </a> <ul id="toc-Collision_countermeasure-sublist" class="vector-toc-list"> </ul> </li> </ul> </li> <li id="toc-See_also" class="vector-toc-list-item vector-toc-level-1 vector-toc-list-item-expanded"> <a class="vector-toc-link" href="#See_also"> <div class="vector-toc-text"> <span class="vector-toc-numb">7</span> <span>See also</span> </div> </a> <ul id="toc-See_also-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-Notes" class="vector-toc-list-item vector-toc-level-1 vector-toc-list-item-expanded"> <a class="vector-toc-link" href="#Notes"> <div class="vector-toc-text"> <span class="vector-toc-numb">8</span> <span>Notes</span> </div> </a> <ul id="toc-Notes-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-References" class="vector-toc-list-item vector-toc-level-1 vector-toc-list-item-expanded"> <a class="vector-toc-link" href="#References"> <div class="vector-toc-text"> <span class="vector-toc-numb">9</span> <span>References</span> </div> </a> <ul id="toc-References-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-External_links" class="vector-toc-list-item vector-toc-level-1 vector-toc-list-item-expanded"> <a class="vector-toc-link" href="#External_links"> <div class="vector-toc-text"> <span class="vector-toc-numb">10</span> <span>External links</span> </div> </a> <ul id="toc-External_links-sublist" class="vector-toc-list"> </ul> </li> </ul> </div> </div> </nav> </div> </div> <div class="mw-content-container"> <main id="content" class="mw-body"> <header class="mw-body-header vector-page-titlebar"> <nav aria-label="Contents" class="vector-toc-landmark"> <div id="vector-page-titlebar-toc" class="vector-dropdown vector-page-titlebar-toc vector-button-flush-left" > <input type="checkbox" id="vector-page-titlebar-toc-checkbox" role="button" aria-haspopup="true" data-event-name="ui.dropdown-vector-page-titlebar-toc" class="vector-dropdown-checkbox " aria-label="Toggle the table of contents" > <label id="vector-page-titlebar-toc-label" for="vector-page-titlebar-toc-checkbox" class="vector-dropdown-label cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--icon-only " aria-hidden="true" ><span class="vector-icon mw-ui-icon-listBullet mw-ui-icon-wikimedia-listBullet"></span> <span class="vector-dropdown-label-text">Toggle the table of contents</span> </label> <div class="vector-dropdown-content"> <div id="vector-page-titlebar-toc-unpinned-container" class="vector-unpinned-container"> </div> </div> </div> </nav> <h1 id="firstHeading" class="firstHeading mw-first-heading"><span class="mw-page-title-main">SHA-1</span></h1> <div id="p-lang-btn" class="vector-dropdown mw-portlet mw-portlet-lang" > <input type="checkbox" id="p-lang-btn-checkbox" role="button" aria-haspopup="true" data-event-name="ui.dropdown-p-lang-btn" class="vector-dropdown-checkbox mw-interlanguage-selector" aria-label="Go to an article in another language. Available in 25 languages" > <label id="p-lang-btn-label" for="p-lang-btn-checkbox" class="vector-dropdown-label cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--action-progressive mw-portlet-lang-heading-25" aria-hidden="true" ><span class="vector-icon mw-ui-icon-language-progressive mw-ui-icon-wikimedia-language-progressive"></span> <span class="vector-dropdown-label-text">25 languages</span> </label> <div class="vector-dropdown-content"> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li class="interlanguage-link interwiki-bn mw-list-item"><a href="https://bn.wikipedia.org/wiki/%E0%A6%8F%E0%A6%B8%E0%A6%8F%E0%A6%87%E0%A6%9A%E0%A6%8F-%E0%A7%A7" title="এসএইচএ-১ – Bangla" lang="bn" hreflang="bn" data-title="এসএইচএ-১" data-language-autonym="বাংলা" data-language-local-name="Bangla" class="interlanguage-link-target"><span>বাংলা</span></a></li><li class="interlanguage-link interwiki-bg mw-list-item"><a href="https://bg.wikipedia.org/wiki/SHA-1" title="SHA-1 – Bulgarian" lang="bg" hreflang="bg" data-title="SHA-1" data-language-autonym="Български" data-language-local-name="Bulgarian" class="interlanguage-link-target"><span>Български</span></a></li><li class="interlanguage-link interwiki-ca mw-list-item"><a href="https://ca.wikipedia.org/wiki/Secure_Hash_Algorithm_1" title="Secure Hash Algorithm 1 – Catalan" lang="ca" hreflang="ca" data-title="Secure Hash Algorithm 1" data-language-autonym="Català" data-language-local-name="Catalan" class="interlanguage-link-target"><span>Català</span></a></li><li class="interlanguage-link interwiki-de badge-Q70894304 mw-list-item" title=""><a href="https://de.wikipedia.org/wiki/SHA-1" title="SHA-1 – German" lang="de" hreflang="de" data-title="SHA-1" data-language-autonym="Deutsch" data-language-local-name="German" class="interlanguage-link-target"><span>Deutsch</span></a></li><li class="interlanguage-link interwiki-es mw-list-item"><a href="https://es.wikipedia.org/wiki/SHA-1" title="SHA-1 – Spanish" lang="es" hreflang="es" data-title="SHA-1" data-language-autonym="Español" data-language-local-name="Spanish" class="interlanguage-link-target"><span>Español</span></a></li><li class="interlanguage-link interwiki-fa mw-list-item"><a href="https://fa.wikipedia.org/wiki/%D8%A7%D8%B3%E2%80%8C%D8%A7%DA%86%E2%80%8C%D8%A7%DB%8C-%DB%B1" title="اساچای-۱ – Persian" lang="fa" hreflang="fa" data-title="اساچای-۱" data-language-autonym="فارسی" data-language-local-name="Persian" class="interlanguage-link-target"><span>فارسی</span></a></li><li class="interlanguage-link interwiki-fr mw-list-item"><a href="https://fr.wikipedia.org/wiki/SHA-1" title="SHA-1 – French" lang="fr" hreflang="fr" data-title="SHA-1" data-language-autonym="Français" data-language-local-name="French" class="interlanguage-link-target"><span>Français</span></a></li><li class="interlanguage-link interwiki-ko mw-list-item"><a href="https://ko.wikipedia.org/wiki/SHA-1" title="SHA-1 – Korean" lang="ko" hreflang="ko" data-title="SHA-1" data-language-autonym="한국어" data-language-local-name="Korean" class="interlanguage-link-target"><span>한국어</span></a></li><li class="interlanguage-link interwiki-hr mw-list-item"><a href="https://hr.wikipedia.org/wiki/SHA-1" title="SHA-1 – Croatian" lang="hr" hreflang="hr" data-title="SHA-1" data-language-autonym="Hrvatski" data-language-local-name="Croatian" class="interlanguage-link-target"><span>Hrvatski</span></a></li><li class="interlanguage-link interwiki-id mw-list-item"><a href="https://id.wikipedia.org/wiki/SHA-1" title="SHA-1 – Indonesian" lang="id" hreflang="id" data-title="SHA-1" data-language-autonym="Bahasa Indonesia" data-language-local-name="Indonesian" class="interlanguage-link-target"><span>Bahasa Indonesia</span></a></li><li class="interlanguage-link interwiki-lv mw-list-item"><a href="https://lv.wikipedia.org/wiki/Dro%C5%A1ais_jauk%C5%A1anas_algoritms_1" title="Drošais jaukšanas algoritms 1 – Latvian" lang="lv" hreflang="lv" data-title="Drošais jaukšanas algoritms 1" data-language-autonym="Latviešu" data-language-local-name="Latvian" class="interlanguage-link-target"><span>Latviešu</span></a></li><li class="interlanguage-link interwiki-ml mw-list-item"><a href="https://ml.wikipedia.org/wiki/%E0%B4%8E%E0%B4%B8%E0%B5%8D%E0%B4%8E%E0%B4%9A%E0%B5%8D%E0%B4%8E-1" title="എസ്എച്എ-1 – Malayalam" lang="ml" hreflang="ml" data-title="എസ്എച്എ-1" data-language-autonym="മലയാളം" data-language-local-name="Malayalam" class="interlanguage-link-target"><span>മലയാളം</span></a></li><li class="interlanguage-link interwiki-ja mw-list-item"><a href="https://ja.wikipedia.org/wiki/SHA-1" title="SHA-1 – Japanese" lang="ja" hreflang="ja" data-title="SHA-1" data-language-autonym="日本語" data-language-local-name="Japanese" class="interlanguage-link-target"><span>日本語</span></a></li><li class="interlanguage-link interwiki-pl mw-list-item"><a href="https://pl.wikipedia.org/wiki/SHA-1" title="SHA-1 – Polish" lang="pl" hreflang="pl" data-title="SHA-1" data-language-autonym="Polski" data-language-local-name="Polish" class="interlanguage-link-target"><span>Polski</span></a></li><li class="interlanguage-link interwiki-pt mw-list-item"><a href="https://pt.wikipedia.org/wiki/SHA-1" title="SHA-1 – Portuguese" lang="pt" hreflang="pt" data-title="SHA-1" data-language-autonym="Português" data-language-local-name="Portuguese" class="interlanguage-link-target"><span>Português</span></a></li><li class="interlanguage-link interwiki-ru mw-list-item"><a href="https://ru.wikipedia.org/wiki/SHA-1" title="SHA-1 – Russian" lang="ru" hreflang="ru" data-title="SHA-1" data-language-autonym="Русский" data-language-local-name="Russian" class="interlanguage-link-target"><span>Русский</span></a></li><li class="interlanguage-link interwiki-sq mw-list-item"><a href="https://sq.wikipedia.org/wiki/SHA-1" title="SHA-1 – Albanian" lang="sq" hreflang="sq" data-title="SHA-1" data-language-autonym="Shqip" data-language-local-name="Albanian" class="interlanguage-link-target"><span>Shqip</span></a></li><li class="interlanguage-link interwiki-simple mw-list-item"><a href="https://simple.wikipedia.org/wiki/SHA-1" title="SHA-1 – Simple English" lang="en-simple" hreflang="en-simple" data-title="SHA-1" data-language-autonym="Simple English" data-language-local-name="Simple English" class="interlanguage-link-target"><span>Simple English</span></a></li><li class="interlanguage-link interwiki-sh mw-list-item"><a href="https://sh.wikipedia.org/wiki/SHA-1" title="SHA-1 – Serbo-Croatian" lang="sh" hreflang="sh" data-title="SHA-1" data-language-autonym="Srpskohrvatski / српскохрватски" data-language-local-name="Serbo-Croatian" class="interlanguage-link-target"><span>Srpskohrvatski / српскохрватски</span></a></li><li class="interlanguage-link interwiki-sv mw-list-item"><a href="https://sv.wikipedia.org/wiki/SHA-1" title="SHA-1 – Swedish" lang="sv" hreflang="sv" data-title="SHA-1" data-language-autonym="Svenska" data-language-local-name="Swedish" class="interlanguage-link-target"><span>Svenska</span></a></li><li class="interlanguage-link interwiki-tr mw-list-item"><a href="https://tr.wikipedia.org/wiki/SHA-1" title="SHA-1 – Turkish" lang="tr" hreflang="tr" data-title="SHA-1" data-language-autonym="Türkçe" data-language-local-name="Turkish" class="interlanguage-link-target"><span>Türkçe</span></a></li><li class="interlanguage-link interwiki-uk mw-list-item"><a href="https://uk.wikipedia.org/wiki/SHA-1" title="SHA-1 – Ukrainian" lang="uk" hreflang="uk" data-title="SHA-1" data-language-autonym="Українська" data-language-local-name="Ukrainian" class="interlanguage-link-target"><span>Українська</span></a></li><li class="interlanguage-link interwiki-vi mw-list-item"><a href="https://vi.wikipedia.org/wiki/SHA-1" title="SHA-1 – Vietnamese" lang="vi" hreflang="vi" data-title="SHA-1" data-language-autonym="Tiếng Việt" data-language-local-name="Vietnamese" class="interlanguage-link-target"><span>Tiếng Việt</span></a></li><li class="interlanguage-link interwiki-wuu mw-list-item"><a href="https://wuu.wikipedia.org/wiki/SHA-1" title="SHA-1 – Wu" lang="wuu" hreflang="wuu" data-title="SHA-1" data-language-autonym="吴语" data-language-local-name="Wu" class="interlanguage-link-target"><span>吴语</span></a></li><li class="interlanguage-link interwiki-zh mw-list-item"><a href="https://zh.wikipedia.org/wiki/SHA-1" title="SHA-1 – Chinese" lang="zh" hreflang="zh" data-title="SHA-1" data-language-autonym="中文" data-language-local-name="Chinese" class="interlanguage-link-target"><span>中文</span></a></li> </ul> <div class="after-portlet after-portlet-lang"><span class="wb-langlinks-edit wb-langlinks-link"><a href="https://www.wikidata.org/wiki/Special:EntityPage/Q13414952#sitelinks-wikipedia" title="Edit interlanguage links" class="wbc-editpage">Edit links</a></span></div> </div> </div> </div> </header> <div class="vector-page-toolbar"> <div class="vector-page-toolbar-container"> <div id="left-navigation"> <nav aria-label="Namespaces"> <div id="p-associated-pages" class="vector-menu vector-menu-tabs mw-portlet mw-portlet-associated-pages" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="ca-nstab-main" class="selected vector-tab-noicon mw-list-item"><a href="/wiki/SHA-1" title="View the content page [c]" accesskey="c"><span>Article</span></a></li><li id="ca-talk" class="vector-tab-noicon mw-list-item"><a href="/wiki/Talk:SHA-1" rel="discussion" title="Discuss improvements to the content page [t]" accesskey="t"><span>Talk</span></a></li> </ul> </div> </div> <div id="vector-variants-dropdown" class="vector-dropdown emptyPortlet" > <input type="checkbox" id="vector-variants-dropdown-checkbox" role="button" aria-haspopup="true" data-event-name="ui.dropdown-vector-variants-dropdown" class="vector-dropdown-checkbox " aria-label="Change language variant" > <label id="vector-variants-dropdown-label" for="vector-variants-dropdown-checkbox" class="vector-dropdown-label cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet" aria-hidden="true" ><span class="vector-dropdown-label-text">English</span> </label> <div class="vector-dropdown-content"> <div id="p-variants" class="vector-menu mw-portlet mw-portlet-variants emptyPortlet" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> </ul> </div> </div> </div> </div> </nav> </div> <div id="right-navigation" class="vector-collapsible"> <nav aria-label="Views"> <div id="p-views" class="vector-menu vector-menu-tabs mw-portlet mw-portlet-views" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="ca-view" class="selected vector-tab-noicon mw-list-item"><a href="/wiki/SHA-1"><span>Read</span></a></li><li id="ca-edit" class="vector-tab-noicon mw-list-item"><a href="/w/index.php?title=SHA-1&action=edit" title="Edit this page [e]" accesskey="e"><span>Edit</span></a></li><li id="ca-history" class="vector-tab-noicon mw-list-item"><a href="/w/index.php?title=SHA-1&action=history" title="Past revisions of this page [h]" accesskey="h"><span>View history</span></a></li> </ul> </div> </div> </nav> <nav class="vector-page-tools-landmark" aria-label="Page tools"> <div id="vector-page-tools-dropdown" class="vector-dropdown vector-page-tools-dropdown" > <input type="checkbox" id="vector-page-tools-dropdown-checkbox" role="button" aria-haspopup="true" data-event-name="ui.dropdown-vector-page-tools-dropdown" class="vector-dropdown-checkbox " aria-label="Tools" > <label id="vector-page-tools-dropdown-label" for="vector-page-tools-dropdown-checkbox" class="vector-dropdown-label cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet" aria-hidden="true" ><span class="vector-dropdown-label-text">Tools</span> </label> <div class="vector-dropdown-content"> <div id="vector-page-tools-unpinned-container" class="vector-unpinned-container"> <div id="vector-page-tools" class="vector-page-tools vector-pinnable-element"> <div class="vector-pinnable-header vector-page-tools-pinnable-header vector-pinnable-header-unpinned" data-feature-name="page-tools-pinned" data-pinnable-element-id="vector-page-tools" data-pinned-container-id="vector-page-tools-pinned-container" data-unpinned-container-id="vector-page-tools-unpinned-container" > <div class="vector-pinnable-header-label">Tools</div> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-pin-button" data-event-name="pinnable-header.vector-page-tools.pin">move to sidebar</button> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-unpin-button" data-event-name="pinnable-header.vector-page-tools.unpin">hide</button> </div> <div id="p-cactions" class="vector-menu mw-portlet mw-portlet-cactions emptyPortlet vector-has-collapsible-items" title="More options" > <div class="vector-menu-heading"> Actions </div> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="ca-more-view" class="selected vector-more-collapsible-item mw-list-item"><a href="/wiki/SHA-1"><span>Read</span></a></li><li id="ca-more-edit" class="vector-more-collapsible-item mw-list-item"><a href="/w/index.php?title=SHA-1&action=edit" title="Edit this page [e]" accesskey="e"><span>Edit</span></a></li><li id="ca-more-history" class="vector-more-collapsible-item mw-list-item"><a href="/w/index.php?title=SHA-1&action=history"><span>View history</span></a></li> </ul> </div> </div> <div id="p-tb" class="vector-menu mw-portlet mw-portlet-tb" > <div class="vector-menu-heading"> General </div> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="t-whatlinkshere" class="mw-list-item"><a href="/wiki/Special:WhatLinksHere/SHA-1" title="List of all English Wikipedia pages containing links to this page [j]" accesskey="j"><span>What links here</span></a></li><li id="t-recentchangeslinked" class="mw-list-item"><a href="/wiki/Special:RecentChangesLinked/SHA-1" rel="nofollow" title="Recent changes in pages linked from this page [k]" accesskey="k"><span>Related changes</span></a></li><li id="t-upload" class="mw-list-item"><a href="/wiki/Wikipedia:File_Upload_Wizard" title="Upload files [u]" accesskey="u"><span>Upload file</span></a></li><li id="t-specialpages" class="mw-list-item"><a href="/wiki/Special:SpecialPages" title="A list of all special pages [q]" accesskey="q"><span>Special pages</span></a></li><li id="t-permalink" class="mw-list-item"><a href="/w/index.php?title=SHA-1&oldid=1252305876" title="Permanent link to this revision of this page"><span>Permanent link</span></a></li><li id="t-info" class="mw-list-item"><a href="/w/index.php?title=SHA-1&action=info" title="More information about this page"><span>Page information</span></a></li><li id="t-cite" class="mw-list-item"><a href="/w/index.php?title=Special:CiteThisPage&page=SHA-1&id=1252305876&wpFormIdentifier=titleform" title="Information on how to cite this page"><span>Cite this page</span></a></li><li id="t-urlshortener" class="mw-list-item"><a href="/w/index.php?title=Special:UrlShortener&url=https%3A%2F%2Fen.wikipedia.org%2Fwiki%2FSHA-1"><span>Get shortened URL</span></a></li><li id="t-urlshortener-qrcode" class="mw-list-item"><a href="/w/index.php?title=Special:QrCode&url=https%3A%2F%2Fen.wikipedia.org%2Fwiki%2FSHA-1"><span>Download QR code</span></a></li> </ul> </div> </div> <div id="p-coll-print_export" class="vector-menu mw-portlet mw-portlet-coll-print_export" > <div class="vector-menu-heading"> Print/export </div> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="coll-download-as-rl" class="mw-list-item"><a href="/w/index.php?title=Special:DownloadAsPdf&page=SHA-1&action=show-download-screen" title="Download this page as a PDF file"><span>Download as PDF</span></a></li><li id="t-print" class="mw-list-item"><a href="/w/index.php?title=SHA-1&printable=yes" title="Printable version of this page [p]" accesskey="p"><span>Printable version</span></a></li> </ul> </div> </div> <div id="p-wikibase-otherprojects" class="vector-menu mw-portlet mw-portlet-wikibase-otherprojects" > <div class="vector-menu-heading"> In other projects </div> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li class="wb-otherproject-link wb-otherproject-wikifunctions mw-list-item"><a href="https://www.wikifunctions.org/wiki/Z10148" hreflang="en"><span>Wikifunctions</span></a></li><li id="t-wikibase" class="wb-otherproject-link wb-otherproject-wikibase-dataitem mw-list-item"><a href="https://www.wikidata.org/wiki/Special:EntityPage/Q13414952" title="Structured data on this page hosted by Wikidata [g]" accesskey="g"><span>Wikidata item</span></a></li> </ul> </div> </div> </div> </div> </div> </div> </nav> </div> </div> </div> <div class="vector-column-end"> <div class="vector-sticky-pinned-container"> <nav class="vector-page-tools-landmark" aria-label="Page tools"> <div id="vector-page-tools-pinned-container" class="vector-pinned-container"> </div> </nav> <nav class="vector-appearance-landmark" aria-label="Appearance"> <div id="vector-appearance-pinned-container" class="vector-pinned-container"> <div id="vector-appearance" class="vector-appearance vector-pinnable-element"> <div class="vector-pinnable-header vector-appearance-pinnable-header vector-pinnable-header-pinned" data-feature-name="appearance-pinned" data-pinnable-element-id="vector-appearance" data-pinned-container-id="vector-appearance-pinned-container" data-unpinned-container-id="vector-appearance-unpinned-container" > <div class="vector-pinnable-header-label">Appearance</div> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-pin-button" data-event-name="pinnable-header.vector-appearance.pin">move to sidebar</button> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-unpin-button" data-event-name="pinnable-header.vector-appearance.unpin">hide</button> </div> </div> </div> </nav> </div> </div> <div id="bodyContent" class="vector-body" aria-labelledby="firstHeading" data-mw-ve-target-container> <div class="vector-body-before-content"> <div class="mw-indicators"> </div> <div id="siteSub" class="noprint">From Wikipedia, the free encyclopedia</div> </div> <div id="contentSub"><div id="mw-content-subtitle"></div></div> <div id="mw-content-text" class="mw-body-content"><div class="mw-content-ltr mw-parser-output" lang="en" dir="ltr"><div class="shortdescription nomobile noexcerpt noprint searchaux" style="display:none">Cryptographic hash function</div> <style data-mw-deduplicate="TemplateStyles:r1257001546">.mw-parser-output .infobox-subbox{padding:0;border:none;margin:-3px;width:auto;min-width:100%;font-size:100%;clear:none;float:none;background-color:transparent}.mw-parser-output .infobox-3cols-child{margin:auto}.mw-parser-output .infobox .navbar{font-size:100%}@media screen{html.skin-theme-clientpref-night .mw-parser-output .infobox-full-data:not(.notheme)>div:not(.notheme)[style]{background:#1f1f23!important;color:#f8f9fa}}@media screen and (prefers-color-scheme:dark){html.skin-theme-clientpref-os .mw-parser-output .infobox-full-data:not(.notheme) div:not(.notheme){background:#1f1f23!important;color:#f8f9fa}}@media(min-width:640px){body.skin--responsive .mw-parser-output .infobox-table{display:table!important}body.skin--responsive .mw-parser-output .infobox-table>caption{display:table-caption!important}body.skin--responsive .mw-parser-output .infobox-table>tbody{display:table-row-group}body.skin--responsive .mw-parser-output .infobox-table tr{display:table-row!important}body.skin--responsive .mw-parser-output .infobox-table th,body.skin--responsive .mw-parser-output .infobox-table td{padding-left:inherit;padding-right:inherit}}</style><table class="infobox" style="width:18em; text-align:center; font-size:95%;"><tbody><tr><th colspan="2" class="infobox-above" style="padding-bottom:0.3em; background:transparent; line-height:1.1em; font-size:125%; font-weight:bold;"><a href="/wiki/Secure_Hash_Algorithms" title="Secure Hash Algorithms">Secure Hash Algorithms</a></th></tr><tr><th colspan="2" class="infobox-header" style="background:#E7 C6A5;">Concepts</th></tr><tr><td colspan="2" class="infobox-full-data" style="line-height:1.4em;"><a href="/wiki/Cryptographic_hash_function" title="Cryptographic hash function">hash functions</a>, <a href="/wiki/Secure_Hash_Algorithms" title="Secure Hash Algorithms">SHA</a>, <a href="/wiki/Digital_Signature_Algorithm" title="Digital Signature Algorithm">DSA</a></td></tr><tr><th colspan="2" class="infobox-header" style="background:#E7 C6A5;">Main standards</th></tr><tr><td colspan="2" class="infobox-full-data" style="line-height:1.4em;"><a href="/wiki/SHA-0" class="mw-redirect" title="SHA-0">SHA-0</a>, <a class="mw-selflink selflink">SHA-1</a>, <a href="/wiki/SHA-2" title="SHA-2">SHA-2</a>, <a href="/wiki/SHA-3" title="SHA-3">SHA-3</a> <hr /></td></tr><tr><td colspan="2" class="infobox-navbar"><style data-mw-deduplicate="TemplateStyles:r1129693374">.mw-parser-output .hlist dl,.mw-parser-output .hlist ol,.mw-parser-output .hlist ul{margin:0;padding:0}.mw-parser-output .hlist dd,.mw-parser-output .hlist dt,.mw-parser-output .hlist li{margin:0;display:inline}.mw-parser-output .hlist.inline,.mw-parser-output .hlist.inline dl,.mw-parser-output .hlist.inline ol,.mw-parser-output .hlist.inline ul,.mw-parser-output .hlist dl dl,.mw-parser-output .hlist dl ol,.mw-parser-output .hlist dl ul,.mw-parser-output .hlist ol dl,.mw-parser-output .hlist ol ol,.mw-parser-output .hlist ol ul,.mw-parser-output .hlist ul dl,.mw-parser-output .hlist ul ol,.mw-parser-output .hlist ul ul{display:inline}.mw-parser-output .hlist .mw-empty-li{display:none}.mw-parser-output .hlist dt::after{content:": "}.mw-parser-output .hlist dd::after,.mw-parser-output .hlist li::after{content:" · ";font-weight:bold}.mw-parser-output .hlist dd:last-child::after,.mw-parser-output .hlist dt:last-child::after,.mw-parser-output .hlist li:last-child::after{content:none}.mw-parser-output .hlist dd dd:first-child::before,.mw-parser-output .hlist dd dt:first-child::before,.mw-parser-output .hlist dd li:first-child::before,.mw-parser-output .hlist dt dd:first-child::before,.mw-parser-output .hlist dt dt:first-child::before,.mw-parser-output .hlist dt li:first-child::before,.mw-parser-output .hlist li dd:first-child::before,.mw-parser-output .hlist li dt:first-child::before,.mw-parser-output .hlist li li:first-child::before{content:" (";font-weight:normal}.mw-parser-output .hlist dd dd:last-child::after,.mw-parser-output .hlist dd dt:last-child::after,.mw-parser-output .hlist dd li:last-child::after,.mw-parser-output .hlist dt dd:last-child::after,.mw-parser-output .hlist dt dt:last-child::after,.mw-parser-output .hlist dt li:last-child::after,.mw-parser-output .hlist li dd:last-child::after,.mw-parser-output .hlist li dt:last-child::after,.mw-parser-output .hlist li li:last-child::after{content:")";font-weight:normal}.mw-parser-output .hlist ol{counter-reset:listitem}.mw-parser-output .hlist ol>li{counter-increment:listitem}.mw-parser-output .hlist ol>li::before{content:" "counter(listitem)"\a0 "}.mw-parser-output .hlist dd ol>li:first-child::before,.mw-parser-output .hlist dt ol>li:first-child::before,.mw-parser-output .hlist li ol>li:first-child::before{content:" ("counter(listitem)"\a0 "}</style><style data-mw-deduplicate="TemplateStyles:r1239400231">.mw-parser-output .navbar{display:inline;font-size:88%;font-weight:normal}.mw-parser-output .navbar-collapse{float:left;text-align:left}.mw-parser-output .navbar-boxtext{word-spacing:0}.mw-parser-output .navbar ul{display:inline-block;white-space:nowrap;line-height:inherit}.mw-parser-output .navbar-brackets::before{margin-right:-0.125em;content:"[ "}.mw-parser-output .navbar-brackets::after{margin-left:-0.125em;content:" ]"}.mw-parser-output .navbar li{word-spacing:-0.125em}.mw-parser-output .navbar a>span,.mw-parser-output .navbar a>abbr{text-decoration:inherit}.mw-parser-output .navbar-mini abbr{font-variant:small-caps;border-bottom:none;text-decoration:none;cursor:inherit}.mw-parser-output .navbar-ct-full{font-size:114%;margin:0 7em}.mw-parser-output .navbar-ct-mini{font-size:114%;margin:0 4em}html.skin-theme-clientpref-night .mw-parser-output .navbar li a abbr{color:var(--color-base)!important}@media(prefers-color-scheme:dark){html.skin-theme-clientpref-os .mw-parser-output .navbar li a abbr{color:var(--color-base)!important}}@media print{.mw-parser-output .navbar{display:none!important}}</style><div class="navbar plainlinks hlist navbar-mini"><ul><li class="nv-view"><a href="/wiki/Template:SHA-box" title="Template:SHA-box"><abbr title="View this template">v</abbr></a></li><li class="nv-talk"><a href="/wiki/Template_talk:SHA-box" title="Template talk:SHA-box"><abbr title="Discuss this template">t</abbr></a></li><li class="nv-edit"><a href="/wiki/Special:EditPage/Template:SHA-box" title="Special:EditPage/Template:SHA-box"><abbr title="Edit this template">e</abbr></a></li></ul></div></td></tr></tbody></table> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1257001546"><table class="infobox"><caption class="infobox-title">SHA-1</caption><tbody><tr><th colspan="2" class="infobox-header">General</th></tr><tr><th scope="row" class="infobox-label">Designers</th><td class="infobox-data"><a href="/wiki/National_Security_Agency" title="National Security Agency">National Security Agency</a></td></tr><tr><th scope="row" class="infobox-label">First published</th><td class="infobox-data">1993 (SHA-0),<br />1995 (SHA-1)</td></tr><tr><th scope="row" class="infobox-label">Series</th><td class="infobox-data">(<a href="/wiki/SHA-0" class="mw-redirect" title="SHA-0">SHA-0</a>), SHA-1, <a href="/wiki/SHA-2" title="SHA-2">SHA-2</a>, <a href="/wiki/SHA-3" title="SHA-3">SHA-3</a></td></tr><tr><th scope="row" class="infobox-label">Certification</th><td class="infobox-data"><a href="/wiki/Federal_Information_Processing_Standard" class="mw-redirect" title="Federal Information Processing Standard">FIPS</a> PUB 180-4, <a href="/wiki/CRYPTREC" title="CRYPTREC">CRYPTREC</a> (Monitored)</td></tr><tr><th colspan="2" class="infobox-header">Cipher detail</th></tr><tr><th scope="row" class="infobox-label"><a href="/wiki/Cryptographic_hash_function" title="Cryptographic hash function">Digest sizes</a></th><td class="infobox-data">160 bits</td></tr><tr><th scope="row" class="infobox-label"><a href="/wiki/Block_size_(cryptography)" title="Block size (cryptography)">Block sizes</a></th><td class="infobox-data">512 bits</td></tr><tr><th scope="row" class="infobox-label">Structure</th><td class="infobox-data"><a href="/wiki/Merkle%E2%80%93Damg%C3%A5rd_construction" title="Merkle–Damgård construction">Merkle–Damgård construction</a></td></tr><tr><th scope="row" class="infobox-label"><a href="/wiki/Round_(cryptography)" title="Round (cryptography)">Rounds</a></th><td class="infobox-data">80</td></tr><tr><th colspan="2" class="infobox-header">Best public <a href="/wiki/Cryptanalysis" title="Cryptanalysis">cryptanalysis</a></th></tr><tr><td colspan="2" class="infobox-below" style="line-height: 1.25em; text-align: left">A 2011 attack by Marc Stevens can produce hash collisions with a complexity between 2<sup>60.3</sup> and 2<sup>65.3</sup> operations.<sup id="cite_ref-stevens-attacks_1-0" class="reference"><a href="#cite_note-stevens-attacks-1"><span class="cite-bracket">[</span>1<span class="cite-bracket">]</span></a></sup> The first public collision was published on 23 February 2017.<sup id="cite_ref-sha1-shattered_2-0" class="reference"><a href="#cite_note-sha1-shattered-2"><span class="cite-bracket">[</span>2<span class="cite-bracket">]</span></a></sup> SHA-1 is prone to <a href="/wiki/Length_extension_attack" title="Length extension attack">length extension attacks</a>.</td></tr></tbody></table> <p>In <a href="/wiki/Cryptography" title="Cryptography">cryptography</a>, <b>SHA-1</b> (<b>Secure Hash Algorithm 1</b>) is a <a href="/wiki/Hash_function" title="Hash function">hash function</a> which takes an input and produces a 160-<a href="/wiki/Bit" title="Bit">bit</a> (20-<a href="/wiki/Byte" title="Byte">byte</a>) hash value known as a <a href="/wiki/Message_digest" class="mw-redirect" title="Message digest">message digest</a> – typically rendered as 40 <a href="/wiki/Hexadecimal" title="Hexadecimal">hexadecimal</a> digits. It was designed by the United States <a href="/wiki/National_Security_Agency" title="National Security Agency">National Security Agency</a>, and is a U.S. <a href="/wiki/Federal_Information_Processing_Standard" class="mw-redirect" title="Federal Information Processing Standard">Federal Information Processing Standard</a>.<sup id="cite_ref-:0_3-0" class="reference"><a href="#cite_note-:0-3"><span class="cite-bracket">[</span>3<span class="cite-bracket">]</span></a></sup> The algorithm has been cryptographically broken<sup id="cite_ref-:1_4-0" class="reference"><a href="#cite_note-:1-4"><span class="cite-bracket">[</span>4<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-autogenerated1_5-0" class="reference"><a href="#cite_note-autogenerated1-5"><span class="cite-bracket">[</span>5<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-:2_6-0" class="reference"><a href="#cite_note-:2-6"><span class="cite-bracket">[</span>6<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-:3_7-0" class="reference"><a href="#cite_note-:3-7"><span class="cite-bracket">[</span>7<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-leurent-peyrin-sha1-shambles_8-0" class="reference"><a href="#cite_note-leurent-peyrin-sha1-shambles-8"><span class="cite-bracket">[</span>8<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-:4_9-0" class="reference"><a href="#cite_note-:4-9"><span class="cite-bracket">[</span>9<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-shappening_10-0" class="reference"><a href="#cite_note-shappening-10"><span class="cite-bracket">[</span>10<span class="cite-bracket">]</span></a></sup> but is still widely used. </p><p>Since 2005, SHA-1 has not been considered secure against well-funded opponents;<sup id="cite_ref-11" class="reference"><a href="#cite_note-11"><span class="cite-bracket">[</span>11<span class="cite-bracket">]</span></a></sup> as of 2010 many organizations have recommended its replacement.<sup id="cite_ref-12" class="reference"><a href="#cite_note-12"><span class="cite-bracket">[</span>12<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-shappening_10-1" class="reference"><a href="#cite_note-shappening-10"><span class="cite-bracket">[</span>10<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-13" class="reference"><a href="#cite_note-13"><span class="cite-bracket">[</span>13<span class="cite-bracket">]</span></a></sup> <a href="/wiki/NIST" class="mw-redirect" title="NIST">NIST</a> formally deprecated use of SHA-1 in 2011 and disallowed its use for digital signatures in 2013, and declared that it should be phased out by 2030.<sup id="cite_ref-14" class="reference"><a href="#cite_note-14"><span class="cite-bracket">[</span>14<span class="cite-bracket">]</span></a></sup> As of 2020<sup class="plainlinks noexcerpt noprint asof-tag update" style="display:none;"><a class="external text" href="https://en.wikipedia.org/w/index.php?title=SHA-1&action=edit">[update]</a></sup>, <a href="/wiki/Chosen-prefix_attack" class="mw-redirect" title="Chosen-prefix attack">chosen-prefix attacks</a> against SHA-1 are practical.<sup id="cite_ref-:2_6-1" class="reference"><a href="#cite_note-:2-6"><span class="cite-bracket">[</span>6<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-leurent-peyrin-sha1-shambles_8-1" class="reference"><a href="#cite_note-leurent-peyrin-sha1-shambles-8"><span class="cite-bracket">[</span>8<span class="cite-bracket">]</span></a></sup> As such, it is recommended to remove SHA-1 from products as soon as possible and instead use <a href="/wiki/SHA-2" title="SHA-2">SHA-2</a> or <a href="/wiki/SHA-3" title="SHA-3">SHA-3</a>. Replacing SHA-1 is urgent where it is used for <a href="/wiki/Digital_signatures" class="mw-redirect" title="Digital signatures">digital signatures</a>. </p><p>All major <a href="/wiki/Web_browser" title="Web browser">web browser</a> vendors ceased acceptance of SHA-1 <a href="/wiki/SSL_certificate" class="mw-redirect" title="SSL certificate">SSL certificates</a> in 2017.<sup id="cite_ref-15" class="reference"><a href="#cite_note-15"><span class="cite-bracket">[</span>15<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-:4_9-1" class="reference"><a href="#cite_note-:4-9"><span class="cite-bracket">[</span>9<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-:1_4-1" class="reference"><a href="#cite_note-:1-4"><span class="cite-bracket">[</span>4<span class="cite-bracket">]</span></a></sup> In February 2017, <a href="/wiki/CWI_Amsterdam" class="mw-redirect" title="CWI Amsterdam">CWI Amsterdam</a> and <a href="/wiki/Google" title="Google">Google</a> announced they had performed a <a href="/wiki/Collision_attack" title="Collision attack">collision attack</a> against SHA-1, publishing two dissimilar PDF files which produced the same SHA-1 hash.<sup id="cite_ref-16" class="reference"><a href="#cite_note-16"><span class="cite-bracket">[</span>16<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-sha1-shattered_2-1" class="reference"><a href="#cite_note-sha1-shattered-2"><span class="cite-bracket">[</span>2<span class="cite-bracket">]</span></a></sup> However, SHA-1 is still secure for <a href="/wiki/HMAC" title="HMAC">HMAC</a>.<sup id="cite_ref-17" class="reference"><a href="#cite_note-17"><span class="cite-bracket">[</span>17<span class="cite-bracket">]</span></a></sup> </p><p><a href="/wiki/Microsoft" title="Microsoft">Microsoft</a> has discontinued SHA-1 code signing support for <a href="/wiki/Windows_Update" title="Windows Update">Windows Update</a> on August 3, 2020,<sup id="cite_ref-18" class="reference"><a href="#cite_note-18"><span class="cite-bracket">[</span>18<span class="cite-bracket">]</span></a></sup> which also effectively ended the update servers for versions of <a href="/wiki/Microsoft_Windows" title="Microsoft Windows">Windows</a> that have not been updated to SHA-2, such as <a href="/wiki/Windows_2000" title="Windows 2000">Windows 2000</a> up to <a href="/wiki/Windows_Vista" title="Windows Vista">Vista</a>, as well as <a href="/wiki/Windows_Server" title="Windows Server">Windows Server</a> versions from <a href="/wiki/Windows_2000#Editions" title="Windows 2000">Windows 2000 Server</a> to <a href="/wiki/Windows_Server_2003" title="Windows Server 2003">Server 2003</a>. </p> <meta property="mw:PageProp/toc" /> <div class="mw-heading mw-heading2"><h2 id="Development">Development</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=SHA-1&action=edit&section=1" title="Edit section: Development"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <figure class="mw-halign-right" typeof="mw:File/Thumb"><a href="/wiki/File:SHA-1.svg" class="mw-file-description"><img src="//upload.wikimedia.org/wikipedia/commons/thumb/e/e2/SHA-1.svg/300px-SHA-1.svg.png" decoding="async" width="300" height="312" class="mw-file-element" srcset="//upload.wikimedia.org/wikipedia/commons/thumb/e/e2/SHA-1.svg/450px-SHA-1.svg.png 1.5x, //upload.wikimedia.org/wikipedia/commons/thumb/e/e2/SHA-1.svg/600px-SHA-1.svg.png 2x" data-file-width="365" data-file-height="380" /></a><figcaption>One iteration within the SHA-1 compression function:<style data-mw-deduplicate="TemplateStyles:r1126788409">.mw-parser-output .plainlist ol,.mw-parser-output .plainlist ul{line-height:inherit;list-style:none;margin:0;padding:0}.mw-parser-output .plainlist ol li,.mw-parser-output .plainlist ul li{margin-bottom:0}</style><div class="plainlist"><ul style="margin-left:1em;text-indent:-1em;"><li>A, B, C, D and E are 32-bit <a href="/wiki/Word_(data_type)" class="mw-redirect" title="Word (data type)">words</a> of the state;</li><li><i>F</i> is a nonlinear function that varies;</li><li><span class="nowrap">⁠<span class="mwe-math-element"><span class="mwe-math-mathml-inline mwe-math-mathml-a11y" style="display: none;"><math xmlns="http://www.w3.org/1998/Math/MathML" alttext="{\displaystyle \lll _{n}}"> <semantics> <mrow class="MJX-TeXAtom-ORD"> <mstyle displaystyle="true" scriptlevel="0"> <msub> <mo>⋘<!-- ⋘ --></mo> <mrow class="MJX-TeXAtom-ORD"> <mi>n</mi> </mrow> </msub> </mstyle> </mrow> <annotation encoding="application/x-tex">{\displaystyle \lll _{n}}</annotation> </semantics> </math></span><img src="https://wikimedia.org/api/rest_v1/media/math/render/svg/5dab3ac968232e22a7a00110dc8b5c90531d33dc" class="mwe-math-fallback-image-inline mw-invert skin-invert" aria-hidden="true" style="vertical-align: -0.671ex; width:4.316ex; height:2.176ex;" alt="{\displaystyle \lll _{n}}"></span>⁠</span> denotes a left bit rotation by <i>n</i> places;</li><li><i>n</i> varies for each operation;</li><li>W<sub><i>t</i></sub> is the expanded message word of round <i>t</i>;</li><li>K<sub><i>t</i></sub> is the round constant of round <i>t</i>;</li><li><span class="mw-default-size" typeof="mw:File"><a href="/wiki/File:Boxplus.png" class="mw-file-description" title="Addition"><img alt="⊞" src="//upload.wikimedia.org/wikipedia/commons/7/75/Boxplus.png" decoding="async" width="11" height="11" class="mw-file-element" data-file-width="11" data-file-height="11" /></a></span> denotes addition modulo 2<sup>32</sup>.</li></ul></div></figcaption></figure> <p>SHA-1 produces a <a href="/wiki/Message_digest" class="mw-redirect" title="Message digest">message digest</a> based on principles similar to those used by <a href="/wiki/Ron_Rivest" title="Ron Rivest">Ronald L. Rivest</a> of <a href="/wiki/Massachusetts_Institute_of_Technology" title="Massachusetts Institute of Technology">MIT</a> in the design of the <a href="/wiki/MD2_(hash_function)" title="MD2 (hash function)">MD2</a>, <a href="/wiki/MD4" title="MD4">MD4</a> and <a href="/wiki/MD5" title="MD5">MD5</a> message digest algorithms, but generates a larger hash value (160 bits vs. 128 bits). </p><p>SHA-1 was developed as part of the U.S. Government's <a href="/wiki/Capstone_(cryptography)" title="Capstone (cryptography)">Capstone project</a>.<sup id="cite_ref-19" class="reference"><a href="#cite_note-19"><span class="cite-bracket">[</span>19<span class="cite-bracket">]</span></a></sup> The original specification of the algorithm was published in 1993 under the title <i>Secure Hash Standard</i>, <a href="/wiki/Federal_Information_Processing_Standard" class="mw-redirect" title="Federal Information Processing Standard">FIPS</a> PUB 180, by U.S. government standards agency <a href="/wiki/NIST" class="mw-redirect" title="NIST">NIST</a> (National Institute of Standards and Technology).<sup id="cite_ref-20" class="reference"><a href="#cite_note-20"><span class="cite-bracket">[</span>20<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-21" class="reference"><a href="#cite_note-21"><span class="cite-bracket">[</span>21<span class="cite-bracket">]</span></a></sup> This version is now often named <i>SHA-0</i>. It was withdrawn by the <a href="/wiki/NSA" class="mw-redirect" title="NSA">NSA</a> shortly after publication and was superseded by the revised version, published in 1995 in FIPS PUB 180-1 and commonly designated <i>SHA-1</i>. SHA-1 differs from SHA-0 only by a single bitwise rotation in the message schedule of its <a href="/wiki/One-way_compression_function" title="One-way compression function">compression function</a>. According to the NSA, this was done to correct a flaw in the original algorithm which reduced its cryptographic security, but they did not provide any further explanation.<sup id="cite_ref-22" class="reference"><a href="#cite_note-22"><span class="cite-bracket">[</span>22<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-23" class="reference"><a href="#cite_note-23"><span class="cite-bracket">[</span>23<span class="cite-bracket">]</span></a></sup> Publicly available techniques did indeed demonstrate a compromise of SHA-0, in 2004, before SHA-1 in 2017 (<i>see <a href="#Attacks">§Attacks</a></i>). </p> <div class="mw-heading mw-heading2"><h2 id="Applications">Applications</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=SHA-1&action=edit&section=2" title="Edit section: Applications"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <div class="mw-heading mw-heading3"><h3 id="Cryptography">Cryptography</h3><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=SHA-1&action=edit&section=3" title="Edit section: Cryptography"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <style data-mw-deduplicate="TemplateStyles:r1236090951">.mw-parser-output .hatnote{font-style:italic}.mw-parser-output div.hatnote{padding-left:1.6em;margin-bottom:0.5em}.mw-parser-output .hatnote i{font-style:normal}.mw-parser-output .hatnote+link+.hatnote{margin-top:-0.5em}@media print{body.ns-0 .mw-parser-output .hatnote{display:none!important}}</style><div role="note" class="hatnote navigation-not-searchable">Further information: <a href="/wiki/Cryptographic_hash_function#Applications" title="Cryptographic hash function">Cryptographic hash function § Applications</a></div> <p>SHA-1 forms part of several widely used security applications and protocols, including <a href="/wiki/Transport_Layer_Security" title="Transport Layer Security">TLS</a> and <a href="/wiki/Secure_Sockets_Layer" class="mw-redirect" title="Secure Sockets Layer">SSL</a>, <a href="/wiki/Pretty_Good_Privacy" title="Pretty Good Privacy">PGP</a>, <a href="/wiki/Secure_Shell" title="Secure Shell">SSH</a>, <a href="/wiki/S/MIME" title="S/MIME">S/MIME</a>, and <a href="/wiki/IPsec" title="IPsec">IPsec</a>. Those applications can also use <a href="/wiki/MD5" title="MD5">MD5</a>; both MD5 and SHA-1 are descended from <a href="/wiki/MD4" title="MD4">MD4</a>. </p><p>SHA-1 and SHA-2 are the hash algorithms required by law for use in certain <a href="/wiki/U.S._government" class="mw-redirect" title="U.S. government">U.S. government</a> applications, including use within other cryptographic algorithms and protocols, for the protection of sensitive unclassified information. FIPS PUB 180-1 also encouraged adoption and use of SHA-1 by private and commercial organizations. SHA-1 is being retired from most government uses; the U.S. National Institute of Standards and Technology said, "Federal agencies should stop using SHA-1 for...applications that require collision resistance as soon as practical, and must use the <a href="/wiki/SHA-2" title="SHA-2">SHA-2</a> family of hash functions for these applications after 2010",<sup id="cite_ref-Computer_Security_Division_24-0" class="reference"><a href="#cite_note-Computer_Security_Division-24"><span class="cite-bracket">[</span>24<span class="cite-bracket">]</span></a></sup> though that was later relaxed to allow SHA-1 to be used for verifying old digital signatures and time stamps.<sup id="cite_ref-Computer_Security_Division_24-1" class="reference"><a href="#cite_note-Computer_Security_Division-24"><span class="cite-bracket">[</span>24<span class="cite-bracket">]</span></a></sup> </p><p>A prime motivation for the publication of the <a href="/wiki/Secure_Hash_Algorithm" class="mw-redirect" title="Secure Hash Algorithm">Secure Hash Algorithm</a> was the <a href="/wiki/Digital_Signature_Algorithm" title="Digital Signature Algorithm">Digital Signature Standard</a>, in which it is incorporated. </p><p>The SHA hash functions have been used for the basis of the <a href="/wiki/SHACAL" title="SHACAL">SHACAL</a> <a href="/wiki/Block_cipher" title="Block cipher">block ciphers</a>. </p> <div class="mw-heading mw-heading3"><h3 id="Data_integrity">Data integrity<span class="anchor" id="Data_Integrity"></span></h3><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=SHA-1&action=edit&section=4" title="Edit section: Data integrity"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p><a href="/wiki/Revision_control" class="mw-redirect" title="Revision control">Revision control</a> systems such as <a href="/wiki/Git_(software)" class="mw-redirect" title="Git (software)">Git</a>, <a href="/wiki/Mercurial" title="Mercurial">Mercurial</a>, and <a href="/wiki/Monotone_(software)" title="Monotone (software)">Monotone</a> use SHA-1, not for security, but to identify revisions and to ensure that the data has not changed due to accidental corruption. <a href="/wiki/Linus_Torvalds" title="Linus Torvalds">Linus Torvalds</a> said about Git in 2007: </p> <dl><dd>If you have disk corruption, if you have DRAM corruption, if you have any kind of problems at all, Git will notice them. It's not a question of <i>if</i>, it's a guarantee. You can have people who try to be malicious. They won't succeed. [...] Nobody has been able to break SHA-1, but the point is the SHA-1, as far as Git is concerned, isn't even a security feature. It's purely a consistency check. The security parts are elsewhere, so a lot of people assume that since Git uses SHA-1 and SHA-1 is used for cryptographically secure stuff, they think that, Okay, it's a huge security feature. It has nothing at all to do with security, it's just the best hash you can get. ...</dd> <dd>I guarantee you, if you put your data in Git, you can trust the fact that five years later, after it was converted from your hard disk to DVD to whatever new technology and you copied it along, five years later you can verify that the data you get back out is the exact same data you put in. [...]</dd> <dd>One of the reasons I care is for the kernel, we had a break in on one of the <a href="/wiki/BitKeeper" title="BitKeeper">BitKeeper</a> sites where people tried to corrupt the kernel source code repositories.<sup id="cite_ref-25" class="reference"><a href="#cite_note-25"><span class="cite-bracket">[</span>25<span class="cite-bracket">]</span></a></sup></dd></dl> <p>However Git does not require the <a href="/wiki/Second_preimage_resistance" class="mw-redirect" title="Second preimage resistance">second preimage resistance</a> of SHA-1 as a security feature, since it will always prefer to keep the earliest version of an object in case of collision, preventing an attacker from surreptitiously overwriting files.<sup id="cite_ref-26" class="reference"><a href="#cite_note-26"><span class="cite-bracket">[</span>26<span class="cite-bracket">]</span></a></sup> The known attacks (as of 2020) also do not break second preimage resistance.<sup id="cite_ref-27" class="reference"><a href="#cite_note-27"><span class="cite-bracket">[</span>27<span class="cite-bracket">]</span></a></sup> </p> <div class="mw-heading mw-heading2"><h2 id="Cryptanalysis_and_validation">Cryptanalysis and validation</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=SHA-1&action=edit&section=5" title="Edit section: Cryptanalysis and validation"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>For a hash function for which <i>L</i> is the number of bits in the message digest, finding a message that corresponds to a given message digest can always be done using a brute force search in approximately 2<sup><i>L</i></sup> evaluations. This is called a <a href="/wiki/Preimage_attack" title="Preimage attack">preimage attack</a> and may or may not be practical depending on <i>L</i> and the particular computing environment. However, a <i>collision</i>, consisting of finding two different messages that produce the same message digest, requires on average only about <span class="nowrap">1.2 × 2<sup><i>L</i>/2</sup></span> evaluations using a <a href="/wiki/Birthday_attack" title="Birthday attack">birthday attack</a>. Thus the <a href="/wiki/Security_level" title="Security level">strength</a> of a hash function is usually compared to a symmetric cipher of half the message digest length. SHA-1, which has a 160-bit message digest, was originally thought to have 80-bit strength. </p><p>Some of the applications that use cryptographic hashes, like password storage, are only minimally affected by a collision attack. Constructing a password that works for a given account requires a <a href="/wiki/Preimage_attack" title="Preimage attack">preimage attack</a>, as well as access to the hash of the original password, which may or may not be trivial. Reversing password encryption (e.g. to obtain a password to try against a user's account elsewhere) is not made possible by the attacks. However, even a secure password hash can't prevent brute-force attacks on <a href="/wiki/Password_strength" title="Password strength">weak passwords</a>. <i>See</i> <a href="/wiki/Password_cracking" title="Password cracking">Password cracking</a>. </p><p>In the case of document signing, an attacker could not simply fake a signature from an existing document: The attacker would have to produce a pair of documents, one innocuous and one damaging, and get the private key holder to sign the innocuous document. There are practical circumstances in which this is possible; until the end of 2008, it was possible to create forged <a href="/wiki/Transport_Layer_Security" title="Transport Layer Security">SSL</a> certificates using an <a href="/wiki/MD5" title="MD5">MD5</a> collision.<sup id="cite_ref-28" class="reference"><a href="#cite_note-28"><span class="cite-bracket">[</span>28<span class="cite-bracket">]</span></a></sup> </p><p>Due to the block and iterative structure of the algorithms and the absence of additional final steps, all SHA functions (except SHA-3)<sup id="cite_ref-29" class="reference"><a href="#cite_note-29"><span class="cite-bracket">[</span>29<span class="cite-bracket">]</span></a></sup> are vulnerable to <a href="/wiki/Length_extension_attack" title="Length extension attack">length-extension</a> and partial-message collision attacks.<sup id="cite_ref-30" class="reference"><a href="#cite_note-30"><span class="cite-bracket">[</span>30<span class="cite-bracket">]</span></a></sup> These attacks allow an attacker to forge a message signed only by a keyed hash – <span class="nowrap">SHA(<i>key</i> || <i>message</i>)</span>, but not <span class="nowrap">SHA(<i>message</i> || <i>key</i>)</span> – by extending the message and recalculating the hash without knowing the key. A simple improvement to prevent these attacks is to hash twice: <span class="nowrap">SHA<sub>d</sub>(<i>message</i>) = SHA(SHA(0<sup><i>b</i></sup> || <i>message</i>))</span> (the length of 0<sup><i>b</i></sup>, zero block, is equal to the block size of the hash function). </p> <div class="mw-heading mw-heading3"><h3 id="SHA-0">SHA-0</h3><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=SHA-1&action=edit&section=6" title="Edit section: SHA-0"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>At <a href="/wiki/CRYPTO_(conference)" class="mw-redirect" title="CRYPTO (conference)">CRYPTO</a> 98, two French researchers, <a href="/w/index.php?title=Florent_Chabaud&action=edit&redlink=1" class="new" title="Florent Chabaud (page does not exist)">Florent Chabaud</a> and <a href="/wiki/Antoine_Joux" title="Antoine Joux">Antoine Joux</a>, presented an attack on SHA-0: <a href="/wiki/Hash_collision" title="Hash collision">collisions</a> can be found with complexity 2<sup>61</sup>, fewer than the 2<sup>80</sup> for an ideal hash function of the same size.<sup id="cite_ref-sha0-chabaud_31-0" class="reference"><a href="#cite_note-sha0-chabaud-31"><span class="cite-bracket">[</span>31<span class="cite-bracket">]</span></a></sup> </p><p>In 2004, <a href="/wiki/Eli_Biham" title="Eli Biham">Biham</a> and Chen found near-collisions for SHA-0 – two messages that hash to nearly the same value; in this case, 142 out of the 160 bits are equal. They also found full collisions of SHA-0 reduced to 62 out of its 80 rounds.<sup id="cite_ref-32" class="reference"><a href="#cite_note-32"><span class="cite-bracket">[</span>32<span class="cite-bracket">]</span></a></sup> </p><p>Subsequently, on 12 August 2004, a collision for the full SHA-0 algorithm was announced by Joux, Carribault, Lemuet, and Jalby. This was done by using a generalization of the Chabaud and Joux attack. Finding the collision had complexity 2<sup>51</sup> and took about 80,000 processor-hours on a <a href="/wiki/Supercomputer" title="Supercomputer">supercomputer</a> with 256 <a href="/wiki/Itanium_2" class="mw-redirect" title="Itanium 2">Itanium 2</a> processors (equivalent to 13 days of full-time use of the computer). </p><p>On 17 August 2004, at the Rump Session of CRYPTO 2004, preliminary results were announced by <a href="/wiki/Xiaoyun_Wang" class="mw-redirect" title="Xiaoyun Wang">Wang</a>, Feng, Lai, and Yu, about an attack on <a href="/wiki/MD5" title="MD5">MD5</a>, SHA-0 and other hash functions. The complexity of their attack on SHA-0 is 2<sup>40</sup>, significantly better than the attack by Joux <i>et al.</i><sup id="cite_ref-33" class="reference"><a href="#cite_note-33"><span class="cite-bracket">[</span>33<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-34" class="reference"><a href="#cite_note-34"><span class="cite-bracket">[</span>34<span class="cite-bracket">]</span></a></sup> </p><p>In February 2005, an attack by <a href="/wiki/Xiaoyun_Wang" class="mw-redirect" title="Xiaoyun Wang">Xiaoyun Wang</a>, <a href="/wiki/Yiqun_Lisa_Yin" title="Yiqun Lisa Yin">Yiqun Lisa Yin</a>, and Hongbo Yu was announced which could find collisions in SHA-0 in 2<sup>39</sup> operations.<sup id="cite_ref-autogenerated1_5-1" class="reference"><a href="#cite_note-autogenerated1-5"><span class="cite-bracket">[</span>5<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-35" class="reference"><a href="#cite_note-35"><span class="cite-bracket">[</span>35<span class="cite-bracket">]</span></a></sup> </p><p>Another attack in 2008 applying the <a href="/wiki/Boomerang_attack" title="Boomerang attack">boomerang attack</a> brought the complexity of finding collisions down to 2<sup>33.6</sup>, which was estimated to take 1 hour on an average PC from the year 2008.<sup id="cite_ref-36" class="reference"><a href="#cite_note-36"><span class="cite-bracket">[</span>36<span class="cite-bracket">]</span></a></sup> </p><p>In light of the results for SHA-0, some experts<sup class="noprint Inline-Template" style="white-space:nowrap;">[<i><a href="/wiki/Wikipedia:Manual_of_Style/Words_to_watch#Unsupported_attributions" title="Wikipedia:Manual of Style/Words to watch"><span title="The material near this tag possibly uses too-vague attribution or weasel words. (September 2015)">who?</span></a></i>]</sup> suggested that plans for the use of SHA-1 in new <a href="/wiki/Cryptosystem" title="Cryptosystem">cryptosystems</a> should be reconsidered. After the CRYPTO 2004 results were published, NIST announced that they planned to phase out the use of SHA-1 by 2010 in favor of the SHA-2 variants.<sup id="cite_ref-37" class="reference"><a href="#cite_note-37"><span class="cite-bracket">[</span>37<span class="cite-bracket">]</span></a></sup> </p> <div class="mw-heading mw-heading3"><h3 id="Attacks">Attacks</h3><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=SHA-1&action=edit&section=7" title="Edit section: Attacks"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>In early 2005, <a href="/wiki/Vincent_Rijmen" title="Vincent Rijmen">Vincent Rijmen</a> and <a href="/wiki/Elisabeth_Oswald" title="Elisabeth Oswald">Elisabeth Oswald</a> published an attack on a reduced version of SHA-1 – 53 out of 80 rounds – which finds collisions with a computational effort of fewer than 2<sup>80</sup> operations.<sup id="cite_ref-38" class="reference"><a href="#cite_note-38"><span class="cite-bracket">[</span>38<span class="cite-bracket">]</span></a></sup> </p><p>In February 2005, an attack by <a href="/wiki/Xiaoyun_Wang" class="mw-redirect" title="Xiaoyun Wang">Xiaoyun Wang</a>, Yiqun Lisa Yin, and Hongbo Yu was announced.<sup id="cite_ref-autogenerated1_5-2" class="reference"><a href="#cite_note-autogenerated1-5"><span class="cite-bracket">[</span>5<span class="cite-bracket">]</span></a></sup> The attacks can find collisions in the full version of SHA-1, requiring fewer than 2<sup>69</sup> operations. (A <a href="/wiki/Brute-force_search" title="Brute-force search">brute-force search</a> would require 2<sup>80</sup> operations.) </p><p>The authors write: "In particular, our analysis is built upon the original differential attack on SHA-0, the near collision attack on SHA-0, the multiblock collision techniques, as well as the message modification techniques used in the collision search attack on MD5. Breaking SHA-1 would not be possible without these powerful analytical techniques."<sup id="cite_ref-39" class="reference"><a href="#cite_note-39"><span class="cite-bracket">[</span>39<span class="cite-bracket">]</span></a></sup> The authors have presented a collision for 58-round SHA-1, found with 2<sup>33</sup> hash operations. The paper with the full attack description was published in August 2005 at the CRYPTO conference. </p><p>In an interview, Yin states that, "Roughly, we exploit the following two weaknesses: One is that the file preprocessing step is not complicated enough; another is that certain math operations in the first 20 rounds have unexpected security problems."<sup id="cite_ref-40" class="reference"><a href="#cite_note-40"><span class="cite-bracket">[</span>40<span class="cite-bracket">]</span></a></sup> </p><p>On 17 August 2005, an improvement on the SHA-1 attack was announced on behalf of <a href="/wiki/Xiaoyun_Wang" class="mw-redirect" title="Xiaoyun Wang">Xiaoyun Wang</a>, <a href="/wiki/Andrew_Yao" title="Andrew Yao">Andrew Yao</a> and <a href="/wiki/Frances_Yao" title="Frances Yao">Frances Yao</a> at the CRYPTO 2005 Rump Session, lowering the complexity required for finding a collision in SHA-1 to 2<sup>63</sup>.<sup id="cite_ref-:3_7-1" class="reference"><a href="#cite_note-:3-7"><span class="cite-bracket">[</span>7<span class="cite-bracket">]</span></a></sup> On 18 December 2007 the details of this result were explained and verified by Martin Cochran.<sup id="cite_ref-41" class="reference"><a href="#cite_note-41"><span class="cite-bracket">[</span>41<span class="cite-bracket">]</span></a></sup> </p><p>Christophe De Cannière and Christian Rechberger further improved the attack on SHA-1 in "Finding SHA-1 Characteristics: General Results and Applications,"<sup id="cite_ref-42" class="reference"><a href="#cite_note-42"><span class="cite-bracket">[</span>42<span class="cite-bracket">]</span></a></sup> receiving the Best Paper Award at <a href="/wiki/ASIACRYPT" class="mw-redirect" title="ASIACRYPT">ASIACRYPT</a> 2006. A two-block collision for 64-round SHA-1 was presented, found using unoptimized methods with 2<sup>35</sup> compression function evaluations. Since this attack requires the equivalent of about 2<sup>35</sup> evaluations, it is considered to be a significant theoretical break.<sup id="cite_ref-43" class="reference"><a href="#cite_note-43"><span class="cite-bracket">[</span>43<span class="cite-bracket">]</span></a></sup> Their attack was extended further to 73 rounds (of 80) in 2010 by Grechnikov.<sup id="cite_ref-44" class="reference"><a href="#cite_note-44"><span class="cite-bracket">[</span>44<span class="cite-bracket">]</span></a></sup> In order to find an actual collision in the full 80 rounds of the hash function, however, tremendous amounts of computer time are required. To that end, a collision search for SHA-1 using the volunteer computing platform <a href="/wiki/BOINC" class="mw-redirect" title="BOINC">BOINC</a> began August 8, 2007, organized by the <a href="/wiki/Graz_University_of_Technology" title="Graz University of Technology">Graz University of Technology</a>. The effort was abandoned May 12, 2009 due to lack of progress.<sup id="cite_ref-45" class="reference"><a href="#cite_note-45"><span class="cite-bracket">[</span>45<span class="cite-bracket">]</span></a></sup> </p><p>At the Rump Session of CRYPTO 2006, Christian Rechberger and Christophe De Cannière claimed to have discovered a collision attack on SHA-1 that would allow an attacker to select at least parts of the message.<sup id="cite_ref-46" class="reference"><a href="#cite_note-46"><span class="cite-bracket">[</span>46<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-47" class="reference"><a href="#cite_note-47"><span class="cite-bracket">[</span>47<span class="cite-bracket">]</span></a></sup> </p><p>In 2008, an attack methodology by Stéphane Manuel reported hash collisions with an estimated theoretical complexity of 2<sup>51</sup> to 2<sup>57</sup> operations.<sup id="cite_ref-48" class="reference"><a href="#cite_note-48"><span class="cite-bracket">[</span>48<span class="cite-bracket">]</span></a></sup> However he later retracted that claim after finding that local collision paths were not actually independent, and finally quoting for the most efficient a collision vector that was already known before this work.<sup id="cite_ref-49" class="reference"><a href="#cite_note-49"><span class="cite-bracket">[</span>49<span class="cite-bracket">]</span></a></sup> </p><p>Cameron McDonald, Philip Hawkes and Josef Pieprzyk presented a hash collision attack with claimed complexity 2<sup>52</sup> at the Rump Session of Eurocrypt 2009.<sup id="cite_ref-50" class="reference"><a href="#cite_note-50"><span class="cite-bracket">[</span>50<span class="cite-bracket">]</span></a></sup> However, the accompanying paper, "Differential Path for SHA-1 with complexity <a href="/wiki/Big_O_notation" title="Big O notation"><i>O</i></a>(2<sup>52</sup>)" has been withdrawn due to the authors' discovery that their estimate was incorrect.<sup id="cite_ref-51" class="reference"><a href="#cite_note-51"><span class="cite-bracket">[</span>51<span class="cite-bracket">]</span></a></sup> </p><p>One attack against SHA-1 was Marc Stevens<sup id="cite_ref-Cryptanalysis_of_MD5_&_SHA-1_52-0" class="reference"><a href="#cite_note-Cryptanalysis_of_MD5_&_SHA-1-52"><span class="cite-bracket">[</span>52<span class="cite-bracket">]</span></a></sup> with an estimated cost of $2.77M (2012) to break a single hash value by renting CPU power from cloud servers.<sup id="cite_ref-53" class="reference"><a href="#cite_note-53"><span class="cite-bracket">[</span>53<span class="cite-bracket">]</span></a></sup> Stevens developed this attack in a project called HashClash,<sup id="cite_ref-54" class="reference"><a href="#cite_note-54"><span class="cite-bracket">[</span>54<span class="cite-bracket">]</span></a></sup> implementing a differential path attack. On 8 November 2010, he claimed he had a fully working near-collision attack against full SHA-1 working with an estimated complexity equivalent to 2<sup>57.5</sup> SHA-1 compressions. He estimated this attack could be extended to a full collision with a complexity around 2<sup>61</sup>. </p> <div class="mw-heading mw-heading4"><h4 id="The_SHAppening">The SHAppening</h4><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=SHA-1&action=edit&section=8" title="Edit section: The SHAppening"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>On 8 October 2015, Marc Stevens, Pierre Karpman, and Thomas Peyrin published a freestart collision attack on SHA-1's compression function that requires only 2<sup>57</sup> SHA-1 evaluations. This does not directly translate into a collision on the full SHA-1 hash function (where an attacker is <i>not</i> able to freely choose the initial internal state), but undermines the security claims for SHA-1. In particular, it was the first time that an attack on full SHA-1 had been <i>demonstrated</i>; all earlier attacks were too expensive for their authors to carry them out. The authors named this significant breakthrough in the <a href="/wiki/Cryptanalysis" title="Cryptanalysis">cryptanalysis</a> of SHA-1 <i>The SHAppening</i>.<sup id="cite_ref-shappening_10-2" class="reference"><a href="#cite_note-shappening-10"><span class="cite-bracket">[</span>10<span class="cite-bracket">]</span></a></sup> </p><p>The method was based on their earlier work, as well as the auxiliary paths (or boomerangs) speed-up technique from Joux and Peyrin, and using high performance/cost efficient GPU cards from <a href="/wiki/Nvidia" title="Nvidia">Nvidia</a>. The collision was found on a 16-node cluster with a total of 64 graphics cards. The authors estimated that a similar collision could be found by buying US$2,000 of GPU time on <a href="/wiki/Amazon_Elastic_Compute_Cloud" title="Amazon Elastic Compute Cloud">EC2</a>.<sup id="cite_ref-shappening_10-3" class="reference"><a href="#cite_note-shappening-10"><span class="cite-bracket">[</span>10<span class="cite-bracket">]</span></a></sup> </p><p>The authors estimated that the cost of renting enough of EC2 CPU/GPU time to generate a full collision for SHA-1 at the time of publication was between US$75K and $120K, and noted that was well within the budget of criminal organizations, not to mention national <a href="/wiki/Intelligence_agency" title="Intelligence agency">intelligence agencies</a>. As such, the authors recommended that SHA-1 be deprecated as quickly as possible.<sup id="cite_ref-shappening_10-4" class="reference"><a href="#cite_note-shappening-10"><span class="cite-bracket">[</span>10<span class="cite-bracket">]</span></a></sup> </p> <div class="mw-heading mw-heading4"><h4 id="SHAttered_–_first_public_collision"><span id="SHAttered_.E2.80.93_first_public_collision"></span>SHAttered – first public collision</h4><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=SHA-1&action=edit&section=9" title="Edit section: SHAttered – first public collision"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>On 23 February 2017, the <a href="/wiki/Centrum_Wiskunde_%26_Informatica" title="Centrum Wiskunde & Informatica">CWI (Centrum Wiskunde & Informatica)</a> and Google announced the <i>SHAttered</i> attack, in which they generated two different PDF files with the same SHA-1 hash in roughly 2<sup>63.1</sup> SHA-1 evaluations. This attack is about 100,000 times faster than brute forcing a SHA-1 collision with a <a href="/wiki/Birthday_attack" title="Birthday attack">birthday attack</a>, which was estimated to take 2<sup>80</sup> SHA-1 evaluations. The attack required "the equivalent processing power of 6,500 years of single-CPU computations and 110 years of single-GPU computations".<sup id="cite_ref-sha1-shattered_2-2" class="reference"><a href="#cite_note-sha1-shattered-2"><span class="cite-bracket">[</span>2<span class="cite-bracket">]</span></a></sup> </p> <div class="mw-heading mw-heading4"><h4 id="Birthday-Near-Collision_Attack_–_first_practical_chosen-prefix_attack"><span id="Birthday-Near-Collision_Attack_.E2.80.93_first_practical_chosen-prefix_attack"></span>Birthday-Near-Collision Attack – first practical chosen-prefix attack</h4><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=SHA-1&action=edit&section=10" title="Edit section: Birthday-Near-Collision Attack – first practical chosen-prefix attack"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>On 24 April 2019 a paper by Gaëtan Leurent and Thomas Peyrin presented at Eurocrypt 2019 described an enhancement to the previously best <a href="/wiki/Collision_attack#Chosen-prefix_collision_attack" title="Collision attack">chosen-prefix attack</a> in <a href="/wiki/Merkle%E2%80%93Damg%C3%A5rd_construction" title="Merkle–Damgård construction">Merkle–Damgård</a>–like digest functions based on <a href="/wiki/One-way_compression_function#Davies–Meyer" title="One-way compression function">Davies–Meyer</a> block ciphers. With these improvements, this method is capable of finding chosen-prefix collisions in approximately 2<sup>68</sup> SHA-1 evaluations. This is approximately 1 billion times faster (and now usable for many targeted attacks, thanks to the possibility of choosing a prefix, for example malicious code or faked identities in signed certificates) than the previous attack's 2<sup>77.1</sup> evaluations (but without chosen prefix, which was impractical for most targeted attacks because the found collisions were almost random)<sup id="cite_ref-stevens-attacks_1-1" class="reference"><a href="#cite_note-stevens-attacks-1"><span class="cite-bracket">[</span>1<span class="cite-bracket">]</span></a></sup> and is fast enough to be practical for resourceful attackers, requiring approximately $100,000 of cloud processing. This method is also capable of finding chosen-prefix collisions in the <a href="/wiki/MD5" title="MD5">MD5</a> function, but at a complexity of 2<sup>46.3</sup> does not surpass the prior best available method at a theoretical level (2<sup>39</sup>), though potentially at a practical level (≤2<sup>49</sup>).<sup id="cite_ref-leurent-peyrin-sha1_55-0" class="reference"><a href="#cite_note-leurent-peyrin-sha1-55"><span class="cite-bracket">[</span>55<span class="cite-bracket">]</span></a></sup> This attack has a memory requirement of 500+ GB. </p><p>On 5 January 2020 the authors published an improved attack called "shambles".<sup id="cite_ref-leurent-peyrin-sha1-shambles_8-2" class="reference"><a href="#cite_note-leurent-peyrin-sha1-shambles-8"><span class="cite-bracket">[</span>8<span class="cite-bracket">]</span></a></sup> In this paper they demonstrate a chosen-prefix collision attack with a complexity of 2<sup>63.4</sup>, that at the time of publication would cost US$45K per generated collision. </p> <div class="mw-heading mw-heading3"><h3 id="Official_validation">Official validation</h3><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=SHA-1&action=edit&section=11" title="Edit section: Official validation"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1236090951"><div role="note" class="hatnote navigation-not-searchable">Main article: <a href="/wiki/Cryptographic_Module_Validation_Program" title="Cryptographic Module Validation Program">Cryptographic Module Validation Program</a></div> <p>Implementations of all FIPS-approved security functions can be officially validated through the <a href="/wiki/Cryptographic_Module_Validation_Program" title="Cryptographic Module Validation Program">CMVP program</a>, jointly run by the <a href="/wiki/National_Institute_of_Standards_and_Technology" title="National Institute of Standards and Technology">National Institute of Standards and Technology</a> (NIST) and the <a href="/wiki/Communications_Security_Establishment" title="Communications Security Establishment">Communications Security Establishment</a> (CSE). For informal verification, a package to generate a high number of test vectors is made available for download on the NIST site; the resulting verification, however, does not replace the formal CMVP validation, which is required by law for certain applications. </p><p>As of December 2013<sup class="plainlinks noexcerpt noprint asof-tag update" style="display:none;"><a class="external text" href="https://en.wikipedia.org/w/index.php?title=SHA-1&action=edit">[update]</a></sup>, there are over 2000 validated implementations of SHA-1, with 14 of them capable of handling messages with a length in bits not a multiple of eight (see <a rel="nofollow" class="external text" href="http://csrc.nist.gov/groups/STM/cavp/documents/shs/shaval.htm">SHS Validation List</a> <a rel="nofollow" class="external text" href="https://web.archive.org/web/20110823092514/http://csrc.nist.gov/groups/STM/cavp/documents/shs/shaval.htm">Archived</a> 2011-08-23 at the <a href="/wiki/Wayback_Machine" title="Wayback Machine">Wayback Machine</a>). </p> <div class="mw-heading mw-heading2"><h2 id="Examples_and_pseudocode">Examples and pseudocode</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=SHA-1&action=edit&section=12" title="Edit section: Examples and pseudocode"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <div class="mw-heading mw-heading3"><h3 id="Example_hashes">Example hashes</h3><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=SHA-1&action=edit&section=13" title="Edit section: Example hashes"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>These are examples of SHA-1 <a href="/wiki/Message_digest" class="mw-redirect" title="Message digest">message digests</a> in hexadecimal and in <a href="/wiki/Base64" title="Base64">Base64</a> binary to <a href="/wiki/ASCII" title="ASCII">ASCII</a> text encoding. </p> <ul><li><code>SHA1("The quick brown fox jumps over the lazy <span style="background-color: #87CEEB;color:black;">d</span>og")</code> <ul><li>Outputted hexadecimal: <code>2fd4e1c67a2d28fced849ee1bb76e7391b93eb12</code></li> <li>Outputted <a href="/wiki/Base64" title="Base64">Base64</a> binary to <a href="/wiki/ASCII" title="ASCII">ASCII</a> text encoding: <code>L9ThxnotKPzthJ7hu3bnORuT6xI=</code></li></ul></li></ul> <p>Even a small change in the message will, with overwhelming probability, result in many bits changing due to the <a href="/wiki/Avalanche_effect" title="Avalanche effect">avalanche effect</a>. For example, changing <code>dog</code> to <code>cog</code> produces a hash with different values for 81 of the 160 bits: </p> <ul><li><code>SHA1("The quick brown fox jumps over the lazy <span style="background-color: #87CEEB;color:black;">c</span>og")</code> <ul><li>Outputted hexadecimal: <code>de9f2c7fd25e1b3afad3e85a0bd17d9b100db4b3</code></li> <li>Outputted <a href="/wiki/Base64" title="Base64">Base64</a> binary to <a href="/wiki/ASCII" title="ASCII">ASCII</a> text encoding: <code>3p8sf9JeGzr60+haC9F9mxANtLM=</code></li></ul></li></ul> <p>The hash of the zero-length string is: </p> <ul><li><code>SHA1("")</code> <ul><li>Outputted hexadecimal: <code>da39a3ee5e6b4b0d3255bfef95601890afd80709</code></li> <li>Outputted <a href="/wiki/Base64" title="Base64">Base64</a> binary to <a href="/wiki/ASCII" title="ASCII">ASCII</a> text encoding: <code>2jmj7l5rSw0yVb/vlWAYkK/YBwk=</code></li></ul></li></ul> <div class="mw-heading mw-heading3"><h3 id="SHA-1_pseudocode">SHA-1 pseudocode</h3><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=SHA-1&action=edit&section=14" title="Edit section: SHA-1 pseudocode"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p><a href="/wiki/Pseudocode" title="Pseudocode">Pseudocode</a> for the SHA-1 algorithm follows: </p> <pre><span style="color: green;"><i>Note 1: All variables are unsigned 32-bit quantities and wrap modulo 2<sup>32</sup> when calculating, except for</i></span> <span style="color: green;"><i>ml, the message length, which is a 64-bit quantity, and</i></span> <span style="color: green;"><i>hh, the message digest, which is a 160-bit quantity.</i></span> <span style="color: green;"><i>Note 2: All constants in this pseudo code are in <a href="/wiki/Endianness" title="Endianness">big endian</a>.</i></span> <span style="color: green;"><i>Within each word, the most significant byte is stored in the leftmost byte position</i></span> <span style="color: green;"><i>Initialize variables:</i></span> h0 = 0x67452301 h1 = 0xEFCDAB89 h2 = 0x98BADCFE h3 = 0x10325476 h4 = 0xC3D2E1F0 ml = message length in bits (always a multiple of the number of bits in a character). <span style="color: green;"><i>Pre-processing:</i></span> append the bit '1' to the message e.g. by adding 0x80 if message length is a multiple of 8 bits. append 0 ≤ k < 512 bits '0', such that the resulting message length in <i>bits</i> is <a href="/wiki/Modular_arithmetic" title="Modular arithmetic">congruent</a> to −64 ≡ 448 (mod 512) append ml, the original message length in bits, as a 64-bit <a href="/wiki/Endianness" title="Endianness">big-endian</a> integer. Thus, the total length is a multiple of 512 bits. <span style="color: green;"><i>Process the message in successive 512-bit chunks:</i></span> break message into 512-bit chunks <b>for</b> each chunk break chunk into sixteen 32-bit big-endian words w[i], 0 ≤ i ≤ 15 <span style="color: green;"><i>Message schedule: extend the sixteen 32-bit words into eighty 32-bit words:</i></span> <b>for</b> i <b>from</b> 16 to 79 <span style="color: green;"><i>Note 3: SHA-0 differs by not having this leftrotate.</i></span> w[i] = (w[i-3] <b>xor</b> w[i-8] <b>xor</b> w[i-14] <b>xor</b> w[i-16]) <b><a href="/wiki/Circular_shift" title="Circular shift">leftrotate</a></b> 1 <span style="color: green;"><i>Initialize hash value for this chunk:</i></span> a = h0 b = h1 c = h2 d = h3 e = h4 <span style="color: green;"><i>Main loop:</i></span><sup id="cite_ref-:0_3-1" class="reference"><a href="#cite_note-:0-3"><span class="cite-bracket">[</span>3<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-56" class="reference"><a href="#cite_note-56"><span class="cite-bracket">[</span>56<span class="cite-bracket">]</span></a></sup> <b>for</b> i <b>from</b> 0 <b>to</b> 79 <b>if</b> 0 ≤ i ≤ 19 <b>then</b> f = (b <b>and</b> c) <b>or</b> ((<b>not</b> b) <b>and</b> d) k = 0x5A827999 <b>else if</b> 20 ≤ i ≤ 39 f = b <b>xor</b> c <b>xor</b> d k = 0x6ED9EBA1 <b>else if</b> 40 ≤ i ≤ 59 f = (b <b>and</b> c) <b>or</b> (b <b>and</b> d) <b>or</b> (c <b>and</b> d) k = 0x8F1BBCDC <b>else if</b> 60 ≤ i ≤ 79 f = b <b>xor</b> c <b>xor</b> d k = 0xCA62C1D6 temp = (a <b>leftrotate</b> 5) + f + e + k + w[i] e = d d = c c = b <b>leftrotate</b> 30 b = a a = temp <span style="color: green;"><i>Add this chunk's hash to result so far:</i></span> h0 = h0 + a h1 = h1 + b h2 = h2 + c h3 = h3 + d h4 = h4 + e <span style="color:green;"><i>Produce the final hash value (big-endian) as a 160-bit number:</i></span> hh = (h0 <b>leftshift</b> 128) <b>or</b> (h1 <b>leftshift</b> 96) <b>or</b> (h2 <b>leftshift</b> 64) <b>or</b> (h3 <b>leftshift</b> 32) <b>or</b> h4 </pre> <p>The number <code>hh</code> is the message digest, which can be written in hexadecimal (base 16). </p><p>The chosen constant values used in the algorithm were assumed to be <a href="/wiki/Nothing_up_my_sleeve_number" class="mw-redirect" title="Nothing up my sleeve number">nothing up my sleeve numbers</a>: </p> <ul><li>The four round constants <code>k</code> are 2<sup>30</sup> times the square roots of 2, 3, 5 and 10. However they were incorrectly rounded to the nearest integer instead of being rounded to the nearest odd integer, with equilibrated proportions of zero and one bits. As well, choosing the square root of 10 (which is not a prime) made it a common factor for the two other chosen square roots of primes 2 and 5, with possibly usable arithmetic properties across successive rounds, reducing the strength of the algorithm against finding collisions on some bits.</li> <li>The first four starting values for <code>h0</code> through <code>h3</code> are the same with the MD5 algorithm, and the fifth (for <code>h4</code>) is similar. However they were not properly verified for being resistant against inversion of the few first rounds to infer possible collisions on some bits, usable by multiblock differential attacks.</li></ul> <p>Instead of the formulation from the original FIPS PUB 180-1 shown, the following equivalent expressions may be used to compute <code>f</code> in the main loop above: </p> <pre><span style="color: green;"><i>Bitwise choice between </i>c<i> and </i>d<i>, controlled by </i>b<i>.</i></span> (0 ≤ i ≤ 19): f = d <b>xor</b> (b <b>and</b> (c <b>xor</b> d)) <span style="color: green;"><i>(alternative 1)</i></span> (0 ≤ i ≤ 19): f = (b <b>and</b> c) <b>or</b> ((<b>not</b> b) <b>and</b> d) <span style="color: green;"><i>(alternative 2)</i></span> (0 ≤ i ≤ 19): f = (b <b>and</b> c) <b>xor</b> ((<b>not</b> b) <b>and</b> d) <span style="color: green;"><i>(alternative 3)</i></span> (0 ≤ i ≤ 19): f = vec_sel(d, c, b) <span style="color: green;"><i>(alternative 4)</i></span>  [premo08] <span style="color: green;"><i>Bitwise majority function.</i></span> (40 ≤ i ≤ 59): f = (b <b>and</b> c) <b>or</b> (d <b>and</b> (b <b>or</b> c)) <span style="color: green;"><i>(alternative 1)</i></span> (40 ≤ i ≤ 59): f = (b <b>and</b> c) <b>or</b> (d <b>and</b> (b <b>xor</b> c)) <span style="color: green;"><i>(alternative 2)</i></span> (40 ≤ i ≤ 59): f = (b <b>and</b> c) <b>xor</b> (d <b>and</b> (b <b>xor</b> c)) <span style="color: green;"><i>(alternative 3)</i></span> (40 ≤ i ≤ 59): f = (b <b>and</b> c) <b>xor</b> (b <b>and</b> d) <b>xor</b> (c <b>and</b> d) <span style="color: green;"><i>(alternative 4)</i></span> (40 ≤ i ≤ 59): f = vec_sel(c, b, c <b>xor</b> d) <span style="color: green;"><i>(alternative 5)</i></span> </pre> <p>It was also shown<sup id="cite_ref-57" class="reference"><a href="#cite_note-57"><span class="cite-bracket">[</span>57<span class="cite-bracket">]</span></a></sup> that for the rounds 32–79 the computation of: </p> <pre>w[i] = (w[i-3] <b>xor</b> w[i-8] <b>xor</b> w[i-14] <b>xor</b> w[i-16]) <b><a href="/wiki/Circular_shift" title="Circular shift">leftrotate</a></b> 1 </pre> <p>can be replaced with: </p> <pre>w[i] = (w[i-6] <b>xor</b> w[i-16] <b>xor</b> w[i-28] <b>xor</b> w[i-32]) <b><a href="/wiki/Circular_shift" title="Circular shift">leftrotate</a></b> 2 </pre> <p>This transformation keeps all operands 64-bit aligned and, by removing the dependency of <code>w[i]</code> on <code>w[i-3]</code>, allows efficient SIMD implementation with a vector length of 4 like <a href="/wiki/X86" title="X86">x86</a> <a href="/wiki/Streaming_SIMD_Extensions" title="Streaming SIMD Extensions">SSE</a> instructions. </p> <div class="mw-heading mw-heading2"><h2 id="Comparison_of_SHA_functions">Comparison of SHA functions</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=SHA-1&action=edit&section=15" title="Edit section: Comparison of SHA functions"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>In the table below, <i>internal state</i> means the "internal hash sum" after each compression of a data block. </p> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1236090951"><div role="note" class="hatnote navigation-not-searchable">Further information: <a href="/wiki/Merkle%E2%80%93Damg%C3%A5rd_construction" title="Merkle–Damgård construction">Merkle–Damgård construction</a></div> <table class="wikitable" style="margin-top: 0px; width:100%; text-align:center;"> <caption>Comparison of SHA functions <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1129693374"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1239400231"><div class="navbar plainlinks hlist" style="float:right"><ul><li class="nv-view"><a href="/wiki/Template:Comparison_of_SHA_functions" title="Template:Comparison of SHA functions"><span title="View this template">view</span></a></li><li class="nv-talk"><a href="/wiki/Template_talk:Comparison_of_SHA_functions" title="Template talk:Comparison of SHA functions"><span title="Discuss this template">talk</span></a></li><li class="nv-edit"><a href="/wiki/Special:EditPage/Template:Comparison_of_SHA_functions" title="Special:EditPage/Template:Comparison of SHA functions"><span title="Edit this template">edit</span></a></li></ul></div> </caption> <tbody><tr style="vertical-align:bottom;"> <th colspan="2" rowspan="2">Algorithm and variant </th> <th rowspan="2">Output size<br />(bits) </th> <th rowspan="2">Internal <br />state size <br />(bits) </th> <th rowspan="2">Block size<br />(bits) </th> <th rowspan="2">Rounds </th> <th rowspan="2">Operations </th> <th rowspan="2">Security against <a href="/wiki/Collision_attack" title="Collision attack">collision attacks</a> <br />(bits) </th> <th rowspan="2">Security against <a href="/wiki/Length_extension_attack" title="Length extension attack">length extension attacks</a> <br />(bits) </th> <th colspan="2">Performance on <a href="/wiki/Skylake_(microarchitecture)" title="Skylake (microarchitecture)">Skylake</a> (median <a href="/wiki/Cycles_per_byte" class="mw-redirect" title="Cycles per byte">cpb</a>)<sup id="cite_ref-58" class="reference"><a href="#cite_note-58"><span class="cite-bracket">[</span>58<span class="cite-bracket">]</span></a></sup> </th> <th rowspan="2">First published </th></tr> <tr style="vertical-align:bottom;"> <th>Long messages </th> <th>8 bytes </th></tr> <tr style="vertical-align:top;"> <td colspan="2"><b><a href="/wiki/MD5" title="MD5">MD5</a></b> (as reference)</td> <td>128</td> <td>128<br /><span class="nowrap">(4 × 32)</span></td> <td>512</td> <td>4 <br /> <span class="nowrap">(16 operations</span> in each round)</td> <td>And, Xor, Or, Rot, <span class="nowrap">Add (mod 2<sup>32</sup>)</span></td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">≤ 18<br />(collisions found)<sup id="cite_ref-59" class="reference"><a href="#cite_note-59"><span class="cite-bracket">[</span>59<span class="cite-bracket">]</span></a></sup></td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">0</td> <td>4.99</td> <td>55.00</td> <td>1992 </td></tr> <tr style="vertical-align:top;"> <td colspan="2"><b><span class="nowrap"><a href="/wiki/SHA-0" class="mw-redirect" title="SHA-0">SHA-0</a></span></b></td> <td rowspan="2">160</td> <td rowspan="2">160<br /><span class="nowrap">(5 × 32)</span></td> <td rowspan="2">512</td> <td rowspan="2">80</td> <td rowspan="2">And, Xor, Or, Rot, <span class="nowrap">Add (mod 2<sup>32</sup>)</span></td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">< 34<br />(collisions found)</td> <td rowspan="2" style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">0</td> <td>≈ SHA-1</td> <td>≈ SHA-1</td> <td>1993 </td></tr> <tr style="vertical-align:top;"> <td colspan="2"><b><span class="nowrap"><a class="mw-selflink selflink">SHA-1</a></span></b></td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">< 63<br />(collisions found)<sup id="cite_ref-60" class="reference"><a href="#cite_note-60"><span class="cite-bracket">[</span>60<span class="cite-bracket">]</span></a></sup></td> <td>3.47</td> <td>52.00</td> <td>1995 </td></tr> <tr style="vertical-align:top;"> <td rowspan="4"><b><span class="nowrap"><a href="/wiki/SHA-2" title="SHA-2">SHA-2</a></span></b></td> <td><i>SHA-224</i><br /><i>SHA-256</i></td> <td>224<br />256</td> <td>256<br /><span class="nowrap">(8 × 32)</span></td> <td>512</td> <td>64</td> <td>And, Xor, Or, <br />Rot, Shr, <span class="nowrap">Add (mod 2<sup>32</sup>)</span></td> <td style="background: #BFD; color:black; vertical-align: middle; text-align: center;" class="yes2 table-yes2">112 <br /> 128</td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">32 <br /> 0</td> <td>7.62<br />7.63</td> <td>84.50<br />85.25</td> <td>2004<br />2001 </td></tr> <tr style="vertical-align:top;"> <td><i>SHA-384</i></td> <td>384</td> <td rowspan="3">512<br /><span class="nowrap">(8 × 64)</span></td> <td rowspan="3">1024</td> <td rowspan="3">80</td> <td rowspan="3">And, Xor, Or, <br />Rot, Shr, <span class="nowrap">Add (mod 2<sup>64</sup>)</span></td> <td style="background: #BFD; color:black; vertical-align: middle; text-align: center;" class="yes2 table-yes2">192</td> <td style="background: #BFD; color:black; vertical-align: middle; text-align: center;" class="yes2 table-yes2"><span class="nowrap">128</span></td> <td>5.12</td> <td>135.75</td> <td>2001 </td></tr> <tr style="vertical-align:top;"> <td><i>SHA-512</i></td> <td>512</td> <td style="background: #BFD; color:black; vertical-align: middle; text-align: center;" class="yes2 table-yes2">256</td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">0<sup id="cite_ref-61" class="reference"><a href="#cite_note-61"><span class="cite-bracket">[</span>61<span class="cite-bracket">]</span></a></sup></td> <td>5.06</td> <td>135.50</td> <td>2001 </td></tr> <tr style="vertical-align:top;"> <td><i><span class="nowrap">SHA-512/224</span></i><br /><i><span class="nowrap">SHA-512/256</span></i></td> <td>224<br />256</td> <td style="background: #BFD; color:black; vertical-align: middle; text-align: center;" class="yes2 table-yes2">112<br />128</td> <td style="background: #BFD; color:black; vertical-align: middle; text-align: center;" class="yes2 table-yes2">288<br />256</td> <td><span class="nowrap">≈ SHA-384</span></td> <td><span class="nowrap">≈ SHA-384</span></td> <td>2012 </td></tr> <tr style="vertical-align:top;"> <td rowspan="2"><b><span class="nowrap"><a href="/wiki/SHA-3" title="SHA-3">SHA-3</a></span></b></td> <td><i>SHA3-224</i><br /><i>SHA3-256</i><br /><i>SHA3-384</i><br /><i>SHA3-512</i></td> <td>224<br />256<br />384<br />512</td> <td rowspan="2">1600<br /><span class="nowrap">(5 × 5 × 64)</span></td> <td>1152<br />1088<br />832<br />576</td> <td rowspan="2"><span class="nowrap">24</span><sup id="cite_ref-62" class="reference"><a href="#cite_note-62"><span class="cite-bracket">[</span>62<span class="cite-bracket">]</span></a></sup></td> <td rowspan="2">And, Xor, Rot, Not</td> <td style="background: #BFD; color:black; vertical-align: middle; text-align: center;" class="yes2 table-yes2">112<br />128<br />192<br />256</td> <td style="background: #BFD; color:black; vertical-align: middle; text-align: center;" class="yes2 table-yes2">448<br />512<br />768<br />1024</td> <td>8.12<br />8.59<br />11.06<br />15.88</td> <td>154.25<br />155.50<br />164.00<br />164.00</td> <td rowspan="2">2015 </td></tr> <tr style="vertical-align:top;"> <td><i>SHAKE128</i><br /><i>SHAKE256</i></td> <td><span class="nowrap"><i>d</i> (arbitrary)</span><br /><span class="nowrap"><i>d</i> (arbitrary)</span></td> <td>1344<br />1088</td> <td style="background: #BFD; color:black; vertical-align: middle; text-align: center;" class="yes2 table-yes2">min(<i>d</i>/2, 128)<br /><span class="nowrap">min(<i>d</i>/2, 256)</span></td> <td style="background: #BFD; color:black; vertical-align: middle; text-align: center;" class="yes2 table-yes2"><span class="nowrap">256<br />512</span></td> <td>7.08<br />8.59</td> <td>155.25<br />155.50 </td></tr></tbody></table> <div class="mw-heading mw-heading2"><h2 id="Implementations">Implementations</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=SHA-1&action=edit&section=16" title="Edit section: Implementations"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>Below is a list of cryptography libraries that support SHA-1: </p> <ul><li><a href="/wiki/Botan_(programming_library)" title="Botan (programming library)">Botan</a></li> <li><a href="/wiki/Bouncy_Castle_(cryptography)" title="Bouncy Castle (cryptography)">Bouncy Castle</a></li> <li><a href="/wiki/Cryptlib" title="Cryptlib">cryptlib</a></li> <li><a href="/wiki/Crypto%2B%2B" title="Crypto++">Crypto++</a></li> <li><a href="/wiki/Libgcrypt" title="Libgcrypt">Libgcrypt</a></li> <li><a href="/wiki/Mbed_TLS" title="Mbed TLS">Mbed TLS</a></li> <li><a href="/wiki/Nettle_(cryptographic_library)" title="Nettle (cryptographic library)">Nettle</a></li> <li><a href="/wiki/LibreSSL" title="LibreSSL">LibreSSL</a></li> <li><a href="/wiki/OpenSSL" title="OpenSSL">OpenSSL</a></li> <li><a href="/wiki/GnuTLS" title="GnuTLS">GnuTLS</a></li></ul> <p>Hardware acceleration is provided by the following processor extensions: </p> <ul><li><a href="/wiki/Intel_SHA_extensions" title="Intel SHA extensions">Intel SHA extensions</a>: Available on some Intel and AMD x86 processors.</li> <li><a href="/wiki/VIA_PadLock" title="VIA PadLock">VIA PadLock</a></li> <li>IBM <a href="/wiki/Z/Architecture" title="Z/Architecture">z/Architecture</a>: Available since 2003 as part of the Message-Security-Assist Extension<sup id="cite_ref-63" class="reference"><a href="#cite_note-63"><span class="cite-bracket">[</span>63<span class="cite-bracket">]</span></a></sup></li></ul> <div class="mw-heading mw-heading3"><h3 id="Collision_countermeasure">Collision countermeasure</h3><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=SHA-1&action=edit&section=17" title="Edit section: Collision countermeasure"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>In the wake of SHAttered, Mark Stevens and Dan Shumow published "sha1collisiondetection" (SHA-1CD), a variant of SHA-1 that detects collision attacks and changes the hash output when one is detected. The false positive rate is 2<sup>−90</sup>.<sup id="cite_ref-64" class="reference"><a href="#cite_note-64"><span class="cite-bracket">[</span>64<span class="cite-bracket">]</span></a></sup> SHA-1CD is used by <a href="/wiki/GitHub" title="GitHub">GitHub</a> since March 2017 and <a href="/wiki/Git" title="Git">git</a> since version 2.13.0 of May 2017.<sup id="cite_ref-65" class="reference"><a href="#cite_note-65"><span class="cite-bracket">[</span>65<span class="cite-bracket">]</span></a></sup> </p> <div class="mw-heading mw-heading2"><h2 id="See_also">See also</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=SHA-1&action=edit&section=18" title="Edit section: See also"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <style data-mw-deduplicate="TemplateStyles:r1235681985">.mw-parser-output .side-box{margin:4px 0;box-sizing:border-box;border:1px solid #aaa;font-size:88%;line-height:1.25em;background-color:var(--background-color-interactive-subtle,#f8f9fa);display:flow-root}.mw-parser-output .side-box-abovebelow,.mw-parser-output .side-box-text{padding:0.25em 0.9em}.mw-parser-output .side-box-image{padding:2px 0 2px 0.9em;text-align:center}.mw-parser-output .side-box-imageright{padding:2px 0.9em 2px 0;text-align:center}@media(min-width:500px){.mw-parser-output .side-box-flex{display:flex;align-items:center}.mw-parser-output .side-box-text{flex:1;min-width:0}}@media(min-width:720px){.mw-parser-output .side-box{width:238px}.mw-parser-output .side-box-right{clear:right;float:right;margin-left:1em}.mw-parser-output .side-box-left{margin-right:1em}}</style><style data-mw-deduplicate="TemplateStyles:r1237033735">@media print{body.ns-0 .mw-parser-output .sistersitebox{display:none!important}}@media screen{html.skin-theme-clientpref-night .mw-parser-output .sistersitebox img[src*="Wiktionary-logo-en-v2.svg"]{background-color:white}}@media screen and (prefers-color-scheme:dark){html.skin-theme-clientpref-os .mw-parser-output .sistersitebox img[src*="Wiktionary-logo-en-v2.svg"]{background-color:white}}</style><div class="side-box side-box-right plainlinks sistersitebox"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1126788409"> <div class="side-box-flex"> <div class="side-box-image"><span class="noviewer" typeof="mw:File"><span><img alt="" src="//upload.wikimedia.org/wikipedia/commons/thumb/0/0c/Wikifunctions-logo.svg/40px-Wikifunctions-logo.svg.png" decoding="async" width="40" height="40" class="mw-file-element" srcset="//upload.wikimedia.org/wikipedia/commons/thumb/0/0c/Wikifunctions-logo.svg/60px-Wikifunctions-logo.svg.png 1.5x, //upload.wikimedia.org/wikipedia/commons/thumb/0/0c/Wikifunctions-logo.svg/80px-Wikifunctions-logo.svg.png 2x" data-file-width="512" data-file-height="513" /></span></span></div> <div class="side-box-text plainlist"><a href="/wiki/Wikifunctions" title="Wikifunctions">Wikifunctions</a> has <b><a href="https://www.wikifunctions.org/wiki/Z10148" class="extiw" title="f:Z10148">a SHA-1 function</a></b>.</div></div> </div> <ul><li><a href="/wiki/Comparison_of_cryptographic_hash_functions" title="Comparison of cryptographic hash functions">Comparison of cryptographic hash functions</a></li> <li><a href="/wiki/Hash_function_security_summary" title="Hash function security summary">Hash function security summary</a></li> <li><a href="/wiki/International_Association_for_Cryptologic_Research" title="International Association for Cryptologic Research">International Association for Cryptologic Research</a></li> <li><a href="/wiki/Secure_Hash_Standard" class="mw-redirect" title="Secure Hash Standard">Secure Hash Standard</a></li></ul> <div class="mw-heading mw-heading2"><h2 id="Notes">Notes</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=SHA-1&action=edit&section=19" title="Edit section: Notes"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <style data-mw-deduplicate="TemplateStyles:r1239543626">.mw-parser-output .reflist{margin-bottom:0.5em;list-style-type:decimal}@media screen{.mw-parser-output .reflist{font-size:90%}}.mw-parser-output .reflist .references{font-size:100%;margin-bottom:0;list-style-type:inherit}.mw-parser-output .reflist-columns-2{column-width:30em}.mw-parser-output .reflist-columns-3{column-width:25em}.mw-parser-output .reflist-columns{margin-top:0.3em}.mw-parser-output .reflist-columns ol{margin-top:0}.mw-parser-output .reflist-columns li{page-break-inside:avoid;break-inside:avoid-column}.mw-parser-output .reflist-upper-alpha{list-style-type:upper-alpha}.mw-parser-output .reflist-upper-roman{list-style-type:upper-roman}.mw-parser-output .reflist-lower-alpha{list-style-type:lower-alpha}.mw-parser-output .reflist-lower-greek{list-style-type:lower-greek}.mw-parser-output .reflist-lower-roman{list-style-type:lower-roman}</style><div class="reflist reflist-columns references-column-width" style="column-width: 30em;"> <ol class="references"> <li id="cite_note-stevens-attacks-1"><span class="mw-cite-backlink">^ <a href="#cite_ref-stevens-attacks_1-0"><sup><i><b>a</b></i></sup></a> <a href="#cite_ref-stevens-attacks_1-1"><sup><i><b>b</b></i></sup></a></span> <span class="reference-text"><style data-mw-deduplicate="TemplateStyles:r1238218222">.mw-parser-output cite.citation{font-style:inherit;word-wrap:break-word}.mw-parser-output .citation q{quotes:"\"""\"""'""'"}.mw-parser-output .citation:target{background-color:rgba(0,127,255,0.133)}.mw-parser-output .id-lock-free.id-lock-free a{background:url("//upload.wikimedia.org/wikipedia/commons/6/65/Lock-green.svg")right 0.1em center/9px no-repeat}.mw-parser-output .id-lock-limited.id-lock-limited a,.mw-parser-output .id-lock-registration.id-lock-registration a{background:url("//upload.wikimedia.org/wikipedia/commons/d/d6/Lock-gray-alt-2.svg")right 0.1em center/9px no-repeat}.mw-parser-output .id-lock-subscription.id-lock-subscription a{background:url("//upload.wikimedia.org/wikipedia/commons/a/aa/Lock-red-alt-2.svg")right 0.1em center/9px no-repeat}.mw-parser-output .cs1-ws-icon a{background:url("//upload.wikimedia.org/wikipedia/commons/4/4c/Wikisource-logo.svg")right 0.1em center/12px no-repeat}body:not(.skin-timeless):not(.skin-minerva) .mw-parser-output .id-lock-free a,body:not(.skin-timeless):not(.skin-minerva) .mw-parser-output .id-lock-limited a,body:not(.skin-timeless):not(.skin-minerva) .mw-parser-output .id-lock-registration a,body:not(.skin-timeless):not(.skin-minerva) .mw-parser-output .id-lock-subscription a,body:not(.skin-timeless):not(.skin-minerva) .mw-parser-output .cs1-ws-icon a{background-size:contain;padding:0 1em 0 0}.mw-parser-output .cs1-code{color:inherit;background:inherit;border:none;padding:inherit}.mw-parser-output .cs1-hidden-error{display:none;color:var(--color-error,#d33)}.mw-parser-output .cs1-visible-error{color:var(--color-error,#d33)}.mw-parser-output .cs1-maint{display:none;color:#085;margin-left:0.3em}.mw-parser-output .cs1-kern-left{padding-left:0.2em}.mw-parser-output .cs1-kern-right{padding-right:0.2em}.mw-parser-output .citation .mw-selflink{font-weight:inherit}@media screen{.mw-parser-output .cs1-format{font-size:95%}html.skin-theme-clientpref-night .mw-parser-output .cs1-maint{color:#18911f}}@media screen and (prefers-color-scheme:dark){html.skin-theme-clientpref-os .mw-parser-output .cs1-maint{color:#18911f}}</style><cite id="CITEREFStevens2012" class="citation thesis cs1"><a href="/wiki/Marc_Stevens_(cryptology)" title="Marc Stevens (cryptology)">Stevens, Marc</a> (June 19, 2012). <a rel="nofollow" class="external text" href="https://marc-stevens.nl/research/papers/PhD%20Thesis%20Marc%20Stevens%20-%20Attacks%20on%20Hash%20Functions%20and%20Applications.pdf"><i>Attacks on Hash Functions and Applications</i></a> <span class="cs1-format">(PDF)</span> (PhD thesis). <a href="/wiki/Leiden_University" title="Leiden University">Leiden University</a>. <a href="/wiki/Hdl_(identifier)" class="mw-redirect" title="Hdl (identifier)">hdl</a>:<a rel="nofollow" class="external text" href="https://hdl.handle.net/1887%2F19093">1887/19093</a>. <a href="/wiki/ISBN_(identifier)" class="mw-redirect" title="ISBN (identifier)">ISBN</a> <a href="/wiki/Special:BookSources/9789461913173" title="Special:BookSources/9789461913173"><bdi>9789461913173</bdi></a>. <a href="/wiki/OCLC_(identifier)" class="mw-redirect" title="OCLC (identifier)">OCLC</a> <a rel="nofollow" class="external text" href="https://search.worldcat.org/oclc/795702954">795702954</a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Adissertation&rft.title=Attacks+on+Hash+Functions+and+Applications&rft.degree=PhD&rft.inst=Leiden+University&rft.date=2012-06-19&rft_id=info%3Ahdl%2F1887%2F19093&rft_id=info%3Aoclcnum%2F795702954&rft.isbn=9789461913173&rft.aulast=Stevens&rft.aufirst=Marc&rft_id=https%3A%2F%2Fmarc-stevens.nl%2Fresearch%2Fpapers%2FPhD%2520Thesis%2520Marc%2520Stevens%2520-%2520Attacks%2520on%2520Hash%2520Functions%2520and%2520Applications.pdf&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASHA-1" class="Z3988"></span></span> </li> <li id="cite_note-sha1-shattered-2"><span class="mw-cite-backlink">^ <a href="#cite_ref-sha1-shattered_2-0"><sup><i><b>a</b></i></sup></a> <a href="#cite_ref-sha1-shattered_2-1"><sup><i><b>b</b></i></sup></a> <a href="#cite_ref-sha1-shattered_2-2"><sup><i><b>c</b></i></sup></a></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFStevensBurszteinKarpmanAlbertini2017" class="citation conference cs1"><a href="/wiki/Marc_Stevens_(cryptology)" title="Marc Stevens (cryptology)">Stevens, Marc</a>; <a href="/wiki/Elie_Bursztein" title="Elie Bursztein">Bursztein, Elie</a>; Karpman, Pierre; Albertini, Ange; Markov, Yarik (2017). <a href="/wiki/Jonathan_Katz_(computer_scientist)" title="Jonathan Katz (computer scientist)">Katz, Jonathan</a>; Shacham, Hovav (eds.). <a rel="nofollow" class="external text" href="https://web.archive.org/web/20180515222208/http://shattered.io/static/shattered.pdf"><i>The First Collision for Full SHA-1</i></a> <span class="cs1-format">(PDF)</span>. Advances in Cryptology – <a href="/wiki/International_Cryptology_Conference" class="mw-redirect" title="International Cryptology Conference">CRYPTO</a> 2017. <a href="/wiki/Lecture_Notes_in_Computer_Science" title="Lecture Notes in Computer Science">Lecture Notes in Computer Science</a>. Vol. 10401. <a href="/wiki/Springer_Publishing" title="Springer Publishing">Springer</a>. pp. 570–596. <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<a rel="nofollow" class="external text" href="https://doi.org/10.1007%2F978-3-319-63688-7_19">10.1007/978-3-319-63688-7_19</a>. <a href="/wiki/ISBN_(identifier)" class="mw-redirect" title="ISBN (identifier)">ISBN</a> <a href="/wiki/Special:BookSources/9783319636870" title="Special:BookSources/9783319636870"><bdi>9783319636870</bdi></a>. Archived from <a rel="nofollow" class="external text" href="https://shattered.io/static/shattered.pdf">the original</a> <span class="cs1-format">(PDF)</span> on May 15, 2018<span class="reference-accessdate">. Retrieved <span class="nowrap">February 23,</span> 2017</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=conference&rft.btitle=The+First+Collision+for+Full+SHA-1&rft.series=Lecture+Notes+in+Computer+Science&rft.pages=570-596&rft.pub=Springer&rft.date=2017&rft_id=info%3Adoi%2F10.1007%2F978-3-319-63688-7_19&rft.isbn=9783319636870&rft.aulast=Stevens&rft.aufirst=Marc&rft.au=Bursztein%2C+Elie&rft.au=Karpman%2C+Pierre&rft.au=Albertini%2C+Ange&rft.au=Markov%2C+Yarik&rft_id=https%3A%2F%2Fshattered.io%2Fstatic%2Fshattered.pdf&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASHA-1" class="Z3988"></span> <ul><li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFMarc_StevensElie_BurszteinPierre_KarpmanAnge_Albertini2017" class="citation web cs1">Marc Stevens; Elie Bursztein; Pierre Karpman; Ange Albertini; Yarik Markov; Alex Petit Bianco; Clement Baisse (February 23, 2017). <a rel="nofollow" class="external text" href="https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html">"Announcing the first SHA1 collision"</a>. <i>Google Security Blog</i>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Google+Security+Blog&rft.atitle=Announcing+the+first+SHA1+collision&rft.date=2017-02-23&rft.au=Marc+Stevens&rft.au=Elie+Bursztein&rft.au=Pierre+Karpman&rft.au=Ange+Albertini&rft.au=Yarik+Markov&rft.au=Alex+Petit+Bianco&rft.au=Clement+Baisse&rft_id=https%3A%2F%2Fsecurity.googleblog.com%2F2017%2F02%2Fannouncing-first-sha1-collision.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASHA-1" class="Z3988"></span></li></ul> </span></li> <li id="cite_note-:0-3"><span class="mw-cite-backlink">^ <a href="#cite_ref-:0_3-0"><sup><i><b>a</b></i></sup></a> <a href="#cite_ref-:0_3-1"><sup><i><b>b</b></i></sup></a></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://web.archive.org/web/20200107195003/https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf">"Secure Hash Standard (SHS)"</a> <span class="cs1-format">(PDF)</span>. National Institute of Standards and Technology. 2015. <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<a rel="nofollow" class="external text" href="https://doi.org/10.6028%2FNIST.FIPS.180-4">10.6028/NIST.FIPS.180-4</a>. Federal Information Processing Standards Publication 180-4. Archived from <a rel="nofollow" class="external text" href="https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf">the original</a> <span class="cs1-format">(PDF)</span> on 2020-01-07<span class="reference-accessdate">. Retrieved <span class="nowrap">2019-09-23</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Secure+Hash+Standard+%28SHS%29&rft.pub=National+Institute+of+Standards+and+Technology&rft.date=2015&rft_id=info%3Adoi%2F10.6028%2FNIST.FIPS.180-4&rft_id=https%3A%2F%2Fnvlpubs.nist.gov%2Fnistpubs%2FFIPS%2FNIST.FIPS.180-4.pdf&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASHA-1" class="Z3988"></span></span> </li> <li id="cite_note-:1-4"><span class="mw-cite-backlink">^ <a href="#cite_ref-:1_4-0"><sup><i><b>a</b></i></sup></a> <a href="#cite_ref-:1_4-1"><sup><i><b>b</b></i></sup></a></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://blog.mozilla.org/security/2017/02/23/the-end-of-sha-1-on-the-public-web/">"The end of SHA-1 on the Public Web"</a>. <i>Mozilla Security Blog</i>. 23 February 2017<span class="reference-accessdate">. Retrieved <span class="nowrap">2019-05-29</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Mozilla+Security+Blog&rft.atitle=The+end+of+SHA-1+on+the+Public+Web&rft.date=2017-02-23&rft_id=https%3A%2F%2Fblog.mozilla.org%2Fsecurity%2F2017%2F02%2F23%2Fthe-end-of-sha-1-on-the-public-web%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASHA-1" class="Z3988"></span></span> </li> <li id="cite_note-autogenerated1-5"><span class="mw-cite-backlink">^ <a href="#cite_ref-autogenerated1_5-0"><sup><i><b>a</b></i></sup></a> <a href="#cite_ref-autogenerated1_5-1"><sup><i><b>b</b></i></sup></a> <a href="#cite_ref-autogenerated1_5-2"><sup><i><b>c</b></i></sup></a></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.schneier.com/blog/archives/2005/02/sha1_broken.html">"SHA-1 Broken – Schneier on Security"</a>. <i>www.schneier.com</i>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=www.schneier.com&rft.atitle=SHA-1+Broken+%E2%80%93+Schneier+on+Security&rft_id=https%3A%2F%2Fwww.schneier.com%2Fblog%2Farchives%2F2005%2F02%2Fsha1_broken.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASHA-1" class="Z3988"></span></span> </li> <li id="cite_note-:2-6"><span class="mw-cite-backlink">^ <a href="#cite_ref-:2_6-0"><sup><i><b>a</b></i></sup></a> <a href="#cite_ref-:2_6-1"><sup><i><b>b</b></i></sup></a></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.ntu.edu.sg/news/detail/critical-flaw-demonstrated-in-common-digital-security-algorithm">"Critical flaw demonstrated in common digital security algorithm"</a>. <i>Nanyang Technological University, Singapore</i>. 24 January 2020.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Nanyang+Technological+University%2C+Singapore&rft.atitle=Critical+flaw+demonstrated+in+common+digital+security+algorithm&rft.date=2020-01-24&rft_id=https%3A%2F%2Fwww.ntu.edu.sg%2Fnews%2Fdetail%2Fcritical-flaw-demonstrated-in-common-digital-security-algorithm&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASHA-1" class="Z3988"></span></span> </li> <li id="cite_note-:3-7"><span class="mw-cite-backlink">^ <a href="#cite_ref-:3_7-0"><sup><i><b>a</b></i></sup></a> <a href="#cite_ref-:3_7-1"><sup><i><b>b</b></i></sup></a></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.schneier.com/blog/archives/2005/08/new_cryptanalyt.html">"New Cryptanalytic Results Against SHA-1 – Schneier on Security"</a>. <i>www.schneier.com</i>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=www.schneier.com&rft.atitle=New+Cryptanalytic+Results+Against+SHA-1+%E2%80%93+Schneier+on+Security&rft_id=https%3A%2F%2Fwww.schneier.com%2Fblog%2Farchives%2F2005%2F08%2Fnew_cryptanalyt.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASHA-1" class="Z3988"></span></span> </li> <li id="cite_note-leurent-peyrin-sha1-shambles-8"><span class="mw-cite-backlink">^ <a href="#cite_ref-leurent-peyrin-sha1-shambles_8-0"><sup><i><b>a</b></i></sup></a> <a href="#cite_ref-leurent-peyrin-sha1-shambles_8-1"><sup><i><b>b</b></i></sup></a> <a href="#cite_ref-leurent-peyrin-sha1-shambles_8-2"><sup><i><b>c</b></i></sup></a></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFLeurentPeyrin2020" class="citation web cs1">Leurent, Gaëtan; Peyrin, Thomas (2020-01-05). <a rel="nofollow" class="external text" href="https://eprint.iacr.org/2020/014.pdf">"SHA-1 is a Shambles First Chosen-Prefix Collision on SHA-1 and Application to the PGP Web of Trust"</a> <span class="cs1-format">(PDF)</span>. <i>Cryptology ePrint Archive, Report 2020/014</i>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Cryptology+ePrint+Archive%2C+Report+2020%2F014&rft.atitle=SHA-1+is+a+Shambles+First+Chosen-Prefix+Collision+on+SHA-1+and+Application+to+the+PGP+Web+of+Trust&rft.date=2020-01-05&rft.aulast=Leurent&rft.aufirst=Ga%C3%ABtan&rft.au=Peyrin%2C+Thomas&rft_id=https%3A%2F%2Feprint.iacr.org%2F2020%2F014.pdf&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASHA-1" class="Z3988"></span></span> </li> <li id="cite_note-:4-9"><span class="mw-cite-backlink">^ <a href="#cite_ref-:4_9-0"><sup><i><b>a</b></i></sup></a> <a href="#cite_ref-:4_9-1"><sup><i><b>b</b></i></sup></a></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://venturebeat.com/2015/12/18/google-will-drop-sha-1-encryption-from-chrome-by-january-1-2017/">"Google will drop SHA-1 encryption from Chrome by January 1, 2017"</a>. <i>VentureBeat</i>. 2015-12-18<span class="reference-accessdate">. Retrieved <span class="nowrap">2019-05-29</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=VentureBeat&rft.atitle=Google+will+drop+SHA-1+encryption+from+Chrome+by+January+1%2C+2017&rft.date=2015-12-18&rft_id=https%3A%2F%2Fventurebeat.com%2F2015%2F12%2F18%2Fgoogle-will-drop-sha-1-encryption-from-chrome-by-january-1-2017%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASHA-1" class="Z3988"></span></span> </li> <li id="cite_note-shappening-10"><span class="mw-cite-backlink">^ <a href="#cite_ref-shappening_10-0"><sup><i><b>a</b></i></sup></a> <a href="#cite_ref-shappening_10-1"><sup><i><b>b</b></i></sup></a> <a href="#cite_ref-shappening_10-2"><sup><i><b>c</b></i></sup></a> <a href="#cite_ref-shappening_10-3"><sup><i><b>d</b></i></sup></a> <a href="#cite_ref-shappening_10-4"><sup><i><b>e</b></i></sup></a></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFStevensKarpmanPeyrin" class="citation web cs1">Stevens, Marc; Karpman, Pierre; Peyrin, Thomas. <a rel="nofollow" class="external text" href="https://sites.google.com/site/itstheshappening/">"The SHAppening: freestart collisions for SHA-1"</a><span class="reference-accessdate">. Retrieved <span class="nowrap">2015-10-09</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=The+SHAppening%3A+freestart+collisions+for+SHA-1&rft.aulast=Stevens&rft.aufirst=Marc&rft.au=Karpman%2C+Pierre&rft.au=Peyrin%2C+Thomas&rft_id=https%3A%2F%2Fsites.google.com%2Fsite%2Fitstheshappening%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASHA-1" class="Z3988"></span></span> </li> <li id="cite_note-11"><span class="mw-cite-backlink"><b><a href="#cite_ref-11">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFSchneier2005" class="citation web cs1">Schneier, Bruce (February 18, 2005). <a rel="nofollow" class="external text" href="https://www.schneier.com/blog/archives/2005/02/cryptanalysis_o.html">"Schneier on Security: Cryptanalysis of SHA-1"</a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Schneier+on+Security%3A+Cryptanalysis+of+SHA-1&rft.date=2005-02-18&rft.aulast=Schneier&rft.aufirst=Bruce&rft_id=https%3A%2F%2Fwww.schneier.com%2Fblog%2Farchives%2F2005%2F02%2Fcryptanalysis_o.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASHA-1" class="Z3988"></span></span> </li> <li id="cite_note-12"><span class="mw-cite-backlink"><b><a href="#cite_ref-12">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://web.archive.org/web/20110625054822/http://csrc.nist.gov/groups/ST/toolkit/secure_hashing.html">"NIST.gov – Computer Security Division – Computer Security Resource Center"</a>. Archived from <a rel="nofollow" class="external text" href="http://csrc.nist.gov/groups/ST/toolkit/secure_hashing.html">the original</a> on 2011-06-25<span class="reference-accessdate">. Retrieved <span class="nowrap">2019-01-05</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=NIST.gov+%E2%80%93+Computer+Security+Division+%E2%80%93+Computer+Security+Resource+Center&rft_id=http%3A%2F%2Fcsrc.nist.gov%2Fgroups%2FST%2Ftoolkit%2Fsecure_hashing.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASHA-1" class="Z3988"></span></span> </li> <li id="cite_note-13"><span class="mw-cite-backlink"><b><a href="#cite_ref-13">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFSchneier2015" class="citation web cs1">Schneier, Bruce (8 October 2015). <a rel="nofollow" class="external text" href="https://www.schneier.com/blog/archives/2015/10/sha-1_freestart.html">"SHA-1 Freestart Collision"</a>. <i>Schneier on Security</i>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Schneier+on+Security&rft.atitle=SHA-1+Freestart+Collision&rft.date=2015-10-08&rft.aulast=Schneier&rft.aufirst=Bruce&rft_id=https%3A%2F%2Fwww.schneier.com%2Fblog%2Farchives%2F2015%2F10%2Fsha-1_freestart.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASHA-1" class="Z3988"></span></span> </li> <li id="cite_note-14"><span class="mw-cite-backlink"><b><a href="#cite_ref-14">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation pressrelease cs1"><a rel="nofollow" class="external text" href="https://www.nist.gov/news-events/news/2022/12/nist-retires-sha-1-cryptographic-algorithm">"NIST Retires SHA-1 Cryptographic Algorithm"</a> (Press release). NIST. 2022-12-15.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=NIST+Retires+SHA-1+Cryptographic+Algorithm&rft.pub=NIST&rft.date=2022-12-15&rft_id=https%3A%2F%2Fwww.nist.gov%2Fnews-events%2Fnews%2F2022%2F12%2Fnist-retires-sha-1-cryptographic-algorithm&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASHA-1" class="Z3988"></span></span> </li> <li id="cite_note-15"><span class="mw-cite-backlink"><b><a href="#cite_ref-15">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFGoodin2016" class="citation web cs1">Goodin, Dan (2016-05-04). <a rel="nofollow" class="external text" href="https://arstechnica.com/information-technology/2016/05/microsoft-to-retire-support-for-sha1-certificates-in-the-next-4-months/">"Microsoft to retire support for SHA1 certificates in the next 4 months"</a>. <i>Ars Technica</i><span class="reference-accessdate">. Retrieved <span class="nowrap">2019-05-29</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Ars+Technica&rft.atitle=Microsoft+to+retire+support+for+SHA1+certificates+in+the+next+4+months&rft.date=2016-05-04&rft.aulast=Goodin&rft.aufirst=Dan&rft_id=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2016%2F05%2Fmicrosoft-to-retire-support-for-sha1-certificates-in-the-next-4-months%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASHA-1" class="Z3988"></span></span> </li> <li id="cite_note-16"><span class="mw-cite-backlink"><b><a href="#cite_ref-16">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation news cs1"><a rel="nofollow" class="external text" href="https://phys.org/news/2017-02-cwi-google-collision-industry-standard.html">"CWI, Google announce first collision for Industry Security Standard SHA-1"</a><span class="reference-accessdate">. Retrieved <span class="nowrap">2017-02-23</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=CWI%2C+Google+announce+first+collision+for+Industry+Security+Standard+SHA-1&rft_id=https%3A%2F%2Fphys.org%2Fnews%2F2017-02-cwi-google-collision-industry-standard.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASHA-1" class="Z3988"></span></span> </li> <li id="cite_note-17"><span class="mw-cite-backlink"><b><a href="#cite_ref-17">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFBarker2020" class="citation cs1">Barker, Elaine (May 2020). <i>Recommendation for Key Management: Part 1 – General, Table 3</i> (Technical Report). NIST. p. 56. <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<span class="id-lock-free" title="Freely accessible"><a rel="nofollow" class="external text" href="https://doi.org/10.6028%2FNIST.SP.800-57pt1r5">10.6028/NIST.SP.800-57pt1r5</a></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=book&rft.btitle=Recommendation+for+Key+Management%3A+Part+1+%E2%80%93+General%2C+Table+3.&rft.pages=56&rft.pub=NIST&rft.date=2020-05&rft_id=info%3Adoi%2F10.6028%2FNIST.SP.800-57pt1r5&rft.aulast=Barker&rft.aufirst=Elaine&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASHA-1" class="Z3988"></span></span> </li> <li id="cite_note-18"><span class="mw-cite-backlink"><b><a href="#cite_ref-18">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://techcommunity.microsoft.com/t5/windows-it-pro-blog/sha-1-windows-content-to-be-retired-august-3-2020/ba-p/1544373">"SHA-1 Windows content to be retired August 3, 2020"</a>. <i>techcommunity.microsoft.com</i><span class="reference-accessdate">. Retrieved <span class="nowrap">2024-02-28</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=techcommunity.microsoft.com&rft.atitle=SHA-1+Windows+content+to+be+retired+August+3%2C+2020&rft_id=https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fwindows-it-pro-blog%2Fsha-1-windows-content-to-be-retired-august-3-2020%2Fba-p%2F1544373&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASHA-1" class="Z3988"></span></span> </li> <li id="cite_note-19"><span class="mw-cite-backlink"><b><a href="#cite_ref-19">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="http://x5.net/faqs/crypto/q150.html">"RSA FAQ on Capstone"</a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=RSA+FAQ+on+Capstone&rft_id=http%3A%2F%2Fx5.net%2Ffaqs%2Fcrypto%2Fq150.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASHA-1" class="Z3988"></span></span> </li> <li id="cite_note-20"><span class="mw-cite-backlink"><b><a href="#cite_ref-20">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFSelvaraniAswathaT_V_Suresh2012" class="citation book cs1">Selvarani, R.; Aswatha, Kumar; T V Suresh, Kumar (2012). <a rel="nofollow" class="external text" href="https://books.google.com/books?id=L2OFg7OiV9YC&pg=PA551"><i>Proceedings of International Conference on Advances in Computing</i></a>. Springer Science & Business Media. p. 551. <a href="/wiki/ISBN_(identifier)" class="mw-redirect" title="ISBN (identifier)">ISBN</a> <a href="/wiki/Special:BookSources/978-81-322-0740-5" title="Special:BookSources/978-81-322-0740-5"><bdi>978-81-322-0740-5</bdi></a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=book&rft.btitle=Proceedings+of+International+Conference+on+Advances+in+Computing&rft.pages=551&rft.pub=Springer+Science+%26+Business+Media&rft.date=2012&rft.isbn=978-81-322-0740-5&rft.aulast=Selvarani&rft.aufirst=R.&rft.au=Aswatha%2C+Kumar&rft.au=T+V+Suresh%2C+Kumar&rft_id=https%3A%2F%2Fbooks.google.com%2Fbooks%3Fid%3DL2OFg7OiV9YC%26pg%3DPA551&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASHA-1" class="Z3988"></span></span> </li> <li id="cite_note-21"><span class="mw-cite-backlink"><b><a href="#cite_ref-21">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation cs2"><i>Secure Hash Standard, Federal Information Processing Standards Publication FIPS PUB 180</i>, National Institute of Standards and Technology, 11 May 1993</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=book&rft.btitle=Secure+Hash+Standard%2C+Federal+Information+Processing+Standards+Publication+FIPS+PUB+180&rft.pub=National+Institute+of+Standards+and+Technology&rft.date=1993-05-11&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASHA-1" class="Z3988"></span></span> </li> <li id="cite_note-22"><span class="mw-cite-backlink"><b><a href="#cite_ref-22">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFKramer1994" class="citation web cs1">Kramer, Samuel (11 July 1994). <a rel="nofollow" class="external text" href="https://www.federalregister.gov/documents/1994/07/11/94-16666/proposed-revision-of-federal-information-processing-standard-fips-180-secure-hash-standard">"Proposed Revision of Federal Information Processing Standard (FIPS) 180, Secure Hash Standard"</a>. <i>Federal Register</i>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Federal+Register&rft.atitle=Proposed+Revision+of+Federal+Information+Processing+Standard+%28FIPS%29+180%2C+Secure+Hash+Standard&rft.date=1994-07-11&rft.aulast=Kramer&rft.aufirst=Samuel&rft_id=https%3A%2F%2Fwww.federalregister.gov%2Fdocuments%2F1994%2F07%2F11%2F94-16666%2Fproposed-revision-of-federal-information-processing-standard-fips-180-secure-hash-standard&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASHA-1" class="Z3988"></span></span> </li> <li id="cite_note-23"><span class="mw-cite-backlink"><b><a href="#cite_ref-23">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFfgrieu" class="citation web cs1">fgrieu. <a rel="nofollow" class="external text" href="https://crypto.stackexchange.com/a/62071">"Where can I find a description of the SHA-0 hash algorithm?"</a>. <i>Cryptography Stack Exchange</i>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Cryptography+Stack+Exchange&rft.atitle=Where+can+I+find+a+description+of+the+SHA-0+hash+algorithm%3F&rft.au=fgrieu&rft_id=https%3A%2F%2Fcrypto.stackexchange.com%2Fa%2F62071&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASHA-1" class="Z3988"></span></span> </li> <li id="cite_note-Computer_Security_Division-24"><span class="mw-cite-backlink">^ <a href="#cite_ref-Computer_Security_Division_24-0"><sup><i><b>a</b></i></sup></a> <a href="#cite_ref-Computer_Security_Division_24-1"><sup><i><b>b</b></i></sup></a></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFComputer_Security_Division2017" class="citation web cs1">Computer Security Division, Information Technology Laboratory (2017-01-04). <a rel="nofollow" class="external text" href="https://csrc.nist.gov/Projects/Hash-Functions/NIST-Policy-on-Hash-Functions">"NIST Policy on Hash Functions – Hash Functions"</a>. <i>CSRC, NIST</i><span class="reference-accessdate">. Retrieved <span class="nowrap">2023-08-27</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=CSRC%2C+NIST&rft.atitle=NIST+Policy+on+Hash+Functions+%E2%80%93+Hash+Functions&rft.date=2017-01-04&rft.aulast=Computer+Security+Division&rft.aufirst=Information+Technology+Laboratory&rft_id=https%3A%2F%2Fcsrc.nist.gov%2FProjects%2FHash-Functions%2FNIST-Policy-on-Hash-Functions&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASHA-1" class="Z3988"></span></span> </li> <li id="cite_note-25"><span class="mw-cite-backlink"><b><a href="#cite_ref-25">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.youtube.com/watch?v=4XpnKHJAok8&t=56m20s">"Tech Talk: Linus Torvalds on git"</a>. <i><a href="/wiki/YouTube" title="YouTube">YouTube</a></i><span class="reference-accessdate">. Retrieved <span class="nowrap">November 13,</span> 2013</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=YouTube&rft.atitle=Tech+Talk%3A+Linus+Torvalds+on+git&rft_id=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3D4XpnKHJAok8%26t%3D56m20s&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASHA-1" class="Z3988"></span></span> </li> <li id="cite_note-26"><span class="mw-cite-backlink"><b><a href="#cite_ref-26">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFTorvalds" class="citation web cs1">Torvalds, Linus. <a rel="nofollow" class="external text" href="https://marc.info/?l=git&m=115678778717621&w=2">"Re: Starting to think about sha-256?"</a>. <i>marc.info</i><span class="reference-accessdate">. Retrieved <span class="nowrap">30 May</span> 2016</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=marc.info&rft.atitle=Re%3A+Starting+to+think+about+sha-256%3F&rft.aulast=Torvalds&rft.aufirst=Linus&rft_id=https%3A%2F%2Fmarc.info%2F%3Fl%3Dgit%26m%3D115678778717621%26w%3D2&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASHA-1" class="Z3988"></span></span> </li> <li id="cite_note-27"><span class="mw-cite-backlink"><b><a href="#cite_ref-27">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFWalfield2020" class="citation web cs1">Walfield, Neal H. (2020). <a rel="nofollow" class="external text" href="https://gitlab.com/sequoia-pgp/sequoia/-/commit/35119b755db270ab43a8e1ec13577bc0f9846546">"openpgp: Pass the hash algo's security reqs to Policy::signature"</a>. <i>gitlab.com/sequoia-pgp</i>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=gitlab.com%2Fsequoia-pgp&rft.atitle=openpgp%3A+Pass+the+hash+algo%27s+security+reqs+to+Policy%3A%3Asignature&rft.date=2020&rft.aulast=Walfield&rft.aufirst=Neal+H.&rft_id=https%3A%2F%2Fgitlab.com%2Fsequoia-pgp%2Fsequoia%2F-%2Fcommit%2F35119b755db270ab43a8e1ec13577bc0f9846546&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASHA-1" class="Z3988"></span> – see section "Background" in the <a rel="nofollow" class="external text" href="https://docs.rs/sequoia-openpgp/1.18.0/sequoia_openpgp/policy/enum.HashAlgoSecurity.html">rendered documentation</a></span> </li> <li id="cite_note-28"><span class="mw-cite-backlink"><b><a href="#cite_ref-28">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFSotirovStevensAppelbaumLenstra2008" class="citation web cs1">Sotirov, Alexander; Stevens, Marc; Appelbaum, Jacob; Lenstra, Arjen; Molnar, David; Osvik, Dag Arne; de Weger, Benne (December 30, 2008). <a rel="nofollow" class="external text" href="http://www.win.tue.nl/hashclash/rogue-ca/">"MD5 considered harmful today: Creating a rogue CA certificate"</a><span class="reference-accessdate">. Retrieved <span class="nowrap">March 29,</span> 2009</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=MD5+considered+harmful+today%3A+Creating+a+rogue+CA+certificate&rft.date=2008-12-30&rft.aulast=Sotirov&rft.aufirst=Alexander&rft.au=Stevens%2C+Marc&rft.au=Appelbaum%2C+Jacob&rft.au=Lenstra%2C+Arjen&rft.au=Molnar%2C+David&rft.au=Osvik%2C+Dag+Arne&rft.au=de+Weger%2C+Benne&rft_id=http%3A%2F%2Fwww.win.tue.nl%2Fhashclash%2Frogue-ca%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASHA-1" class="Z3988"></span></span> </li> <li id="cite_note-29"><span class="mw-cite-backlink"><b><a href="#cite_ref-29">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="http://keccak.noekeon.org/">"Strengths of Keccak – Design and security"</a>. <i>The Keccak sponge function family</i>. Keccak team<span class="reference-accessdate">. Retrieved <span class="nowrap">20 September</span> 2015</span>. <q>Unlike SHA-1 and SHA-2, Keccak does not have the length-extension weakness, hence does not need the HMAC nested construction. Instead, MAC computation can be performed by simply prepending the message with the key.</q></cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=The+Keccak+sponge+function+family&rft.atitle=Strengths+of+Keccak+%E2%80%93+Design+and+security&rft_id=http%3A%2F%2Fkeccak.noekeon.org%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASHA-1" class="Z3988"></span></span> </li> <li id="cite_note-30"><span class="mw-cite-backlink"><b><a href="#cite_ref-30">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.schneier.com/books/cryptography-engineering">"Schneier on Security: Cryptography Engineering"</a>. <i>www.schneier.com</i><span class="reference-accessdate">. Retrieved <span class="nowrap">2023-08-27</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=www.schneier.com&rft.atitle=Schneier+on+Security%3A+Cryptography+Engineering&rft_id=https%3A%2F%2Fwww.schneier.com%2Fbooks%2Fcryptography-engineering&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASHA-1" class="Z3988"></span></span> </li> <li id="cite_note-sha0-chabaud-31"><span class="mw-cite-backlink"><b><a href="#cite_ref-sha0-chabaud_31-0">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFChabaudJoux1998" class="citation book cs1">Chabaud, Florent; Joux, Antoine (October 3, 1998). <a rel="nofollow" class="external text" href="https://link.springer.com/chapter/10.1007/BFb0055720">"Differential collisions in SHA-0"</a>. In Krawczyk, Hugo (ed.). <i>Advances in Cryptology – CRYPTO '98</i>. Lecture Notes in Computer Science. Vol. 1462. Springer. pp. 56–71. <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<a rel="nofollow" class="external text" href="https://doi.org/10.1007%2FBFb0055720">10.1007/BFb0055720</a>. <a href="/wiki/ISBN_(identifier)" class="mw-redirect" title="ISBN (identifier)">ISBN</a> <a href="/wiki/Special:BookSources/978-3-540-64892-5" title="Special:BookSources/978-3-540-64892-5"><bdi>978-3-540-64892-5</bdi></a> – via Springer Link.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.atitle=Differential+collisions+in+SHA-0&rft.btitle=Advances+in+Cryptology+%E2%80%93+CRYPTO+%2798&rft.series=Lecture+Notes+in+Computer+Science&rft.pages=56-71&rft.pub=Springer&rft.date=1998-10-03&rft_id=info%3Adoi%2F10.1007%2FBFb0055720&rft.isbn=978-3-540-64892-5&rft.aulast=Chabaud&rft.aufirst=Florent&rft.au=Joux%2C+Antoine&rft_id=https%3A%2F%2Flink.springer.com%2Fchapter%2F10.1007%2FBFb0055720&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASHA-1" class="Z3988"></span></span> </li> <li id="cite_note-32"><span class="mw-cite-backlink"><b><a href="#cite_ref-32">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFBihamChen" class="citation web cs1">Biham, Eli; Chen, Rafi. <a rel="nofollow" class="external text" href="https://www.iacr.org/archive/crypto2004/31520290/biham-chen-sha0-proc-real-one.pdf">"Near-Collisions of SHA-0"</a> <span class="cs1-format">(PDF)</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Near-Collisions+of+SHA-0&rft.aulast=Biham&rft.aufirst=Eli&rft.au=Chen%2C+Rafi&rft_id=https%3A%2F%2Fwww.iacr.org%2Farchive%2Fcrypto2004%2F31520290%2Fbiham-chen-sha0-proc-real-one.pdf&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASHA-1" class="Z3988"></span></span> </li> <li id="cite_note-33"><span class="mw-cite-backlink"><b><a href="#cite_ref-33">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://web.archive.org/web/20040821031401/http://www.freedom-to-tinker.com/archives/000664.html">"Report from Crypto 2004"</a>. Archived from <a rel="nofollow" class="external text" href="http://www.freedom-to-tinker.com/archives/000664.html">the original</a> on 2004-08-21<span class="reference-accessdate">. Retrieved <span class="nowrap">2004-08-23</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Report+from+Crypto+2004&rft_id=http%3A%2F%2Fwww.freedom-to-tinker.com%2Farchives%2F000664.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASHA-1" class="Z3988"></span></span> </li> <li id="cite_note-34"><span class="mw-cite-backlink"><b><a href="#cite_ref-34">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFGrieu2004" class="citation newsgroup cs1">Grieu, Francois (18 August 2004). "Re: Any advance news from the crypto rump session?". <a href="/wiki/Usenet_newsgroup" title="Usenet newsgroup">Newsgroup</a>: <a rel="nofollow" class="external text" href="news:sci.crypt">sci.crypt</a>. Event occurs at 05:06:02 +0200. <a href="/wiki/Usenet_(identifier)" class="mw-redirect" title="Usenet (identifier)">Usenet:</a> <a rel="nofollow" class="external text" href="news:fgrieu-05A994.05060218082004@individual.net">fgrieu-05A994.05060218082004@individual.net</a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Re%3A+Any+advance+news+from+the+crypto+rump+session%3F&rft.pub=sci.crypt&rft.date=2004-08-18&rft_id=news%3Afgrieu-05A994.05060218082004%40individual.net%23id-name%3DUsenet%3A&rft.aulast=Grieu&rft.aufirst=Francois&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASHA-1" class="Z3988"></span></span> </li> <li id="cite_note-35"><span class="mw-cite-backlink"><b><a href="#cite_ref-35">^</a></b></span> <span class="reference-text"><a rel="nofollow" class="external text" href="http://www.infosec.sdu.edu.cn/paper/sha0-crypto-author-new.pdf">Efficient Collision Search Attacks on SHA-0</a> <a rel="nofollow" class="external text" href="https://web.archive.org/web/20050910132832/http://www.infosec.sdu.edu.cn/paper/sha0-crypto-author-new.pdf">Archived</a> 2005-09-10 at the <a href="/wiki/Wayback_Machine" title="Wayback Machine">Wayback Machine</a>, <a href="/wiki/Shandong_University" title="Shandong University">Shandong University</a></span> </li> <li id="cite_note-36"><span class="mw-cite-backlink"><b><a href="#cite_ref-36">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFManuelPeyrin2008" class="citation conference cs1">Manuel, Stéphane; Peyrin, Thomas (2008-02-11). <a rel="nofollow" class="external text" href="https://link.springer.com/content/pdf/10.1007%2F978-3-540-71039-4_2.pdf"><i>Collisions on SHA-0 in One Hour</i></a> <span class="cs1-format">(PDF)</span>. Fast Software Encryption 2008. Lecture Notes in Computer Science. Vol. 5086. pp. 16–35. <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<span class="id-lock-free" title="Freely accessible"><a rel="nofollow" class="external text" href="https://doi.org/10.1007%2F978-3-540-71039-4_2">10.1007/978-3-540-71039-4_2</a></span>. <a href="/wiki/ISBN_(identifier)" class="mw-redirect" title="ISBN (identifier)">ISBN</a> <a href="/wiki/Special:BookSources/978-3-540-71038-7" title="Special:BookSources/978-3-540-71038-7"><bdi>978-3-540-71038-7</bdi></a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=conference&rft.btitle=Collisions+on+SHA-0+in+One+Hour&rft.series=Lecture+Notes+in+Computer+Science&rft.pages=16-35&rft.date=2008-02-11&rft_id=info%3Adoi%2F10.1007%2F978-3-540-71039-4_2&rft.isbn=978-3-540-71038-7&rft.aulast=Manuel&rft.aufirst=St%C3%A9phane&rft.au=Peyrin%2C+Thomas&rft_id=https%3A%2F%2Flink.springer.com%2Fcontent%2Fpdf%2F10.1007%252F978-3-540-71039-4_2.pdf&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASHA-1" class="Z3988"></span></span> </li> <li id="cite_note-37"><span class="mw-cite-backlink"><b><a href="#cite_ref-37">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://csrc.nist.gov/News/2004/NIST-Brief-Comments-on-Recent-Cryptanalytic-Attack">"NIST Brief Comments on Recent Cryptanalytic Attacks on Secure Hashing Functions and the Continued Security Provided by SHA-1"</a>. 23 August 2017<span class="reference-accessdate">. Retrieved <span class="nowrap">2022-03-16</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=NIST+Brief+Comments+on+Recent+Cryptanalytic+Attacks+on+Secure+Hashing+Functions+and+the+Continued+Security+Provided+by+SHA-1&rft.date=2017-08-23&rft_id=https%3A%2F%2Fcsrc.nist.gov%2FNews%2F2004%2FNIST-Brief-Comments-on-Recent-Cryptanalytic-Attack&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASHA-1" class="Z3988"></span></span> </li> <li id="cite_note-38"><span class="mw-cite-backlink"><b><a href="#cite_ref-38">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFRijmenOswald2005" class="citation journal cs1">Rijmen, Vincent; Oswald, Elisabeth (2005). <a rel="nofollow" class="external text" href="http://eprint.iacr.org/2005/010">"Update on SHA-1"</a>. <i>Cryptology ePrint Archive</i>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=Cryptology+ePrint+Archive&rft.atitle=Update+on+SHA-1&rft.date=2005&rft.aulast=Rijmen&rft.aufirst=Vincent&rft.au=Oswald%2C+Elisabeth&rft_id=http%3A%2F%2Feprint.iacr.org%2F2005%2F010&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASHA-1" class="Z3988"></span></span> </li> <li id="cite_note-39"><span class="mw-cite-backlink"><b><a href="#cite_ref-39">^</a></b></span> <span class="reference-text"><a rel="nofollow" class="external text" href="http://theory.csail.mit.edu/~yiqun/shanote.pdf">Collision Search Attacks on SHA1</a> <a rel="nofollow" class="external text" href="https://web.archive.org/web/20050219180957/http://theory.csail.mit.edu/~yiqun/shanote.pdf">Archived</a> 2005-02-19 at the <a href="/wiki/Wayback_Machine" title="Wayback Machine">Wayback Machine</a>, <a href="/wiki/Massachusetts_Institute_of_Technology" title="Massachusetts Institute of Technology">Massachusetts Institute of Technology</a></span> </li> <li id="cite_note-40"><span class="mw-cite-backlink"><b><a href="#cite_ref-40">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFLemos" class="citation web cs1">Lemos, Robert. <a rel="nofollow" class="external text" href="https://www.zdnet.com/article/fixing-a-hole-in-security/">"Fixing a hole in security"</a>. <i>ZDNet</i>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=ZDNet&rft.atitle=Fixing+a+hole+in+security&rft.aulast=Lemos&rft.aufirst=Robert&rft_id=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Ffixing-a-hole-in-security%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASHA-1" class="Z3988"></span></span> </li> <li id="cite_note-41"><span class="mw-cite-backlink"><b><a href="#cite_ref-41">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFCochran2007" class="citation journal cs1">Cochran, Martin (2007). <a rel="nofollow" class="external text" href="http://eprint.iacr.org/2007/474">"Notes on the Wang et al. 2<sup>63</sup> SHA-1 Differential Path"</a>. <i>Cryptology ePrint Archive</i>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=Cryptology+ePrint+Archive&rft.atitle=Notes+on+the+Wang+et+al.+2%3Csup%3E63%3C%2Fsup%3E+SHA-1+Differential+Path&rft.date=2007&rft.aulast=Cochran&rft.aufirst=Martin&rft_id=http%3A%2F%2Feprint.iacr.org%2F2007%2F474&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASHA-1" class="Z3988"></span></span> </li> <li id="cite_note-42"><span class="mw-cite-backlink"><b><a href="#cite_ref-42">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFDe_CannièreRechberger2006" class="citation book cs1">De Cannière, Christophe; Rechberger, Christian (2006-11-15). "Finding SHA-1 Characteristics: General Results and Applications". <i>Advances in Cryptology – ASIACRYPT 2006</i>. Lecture Notes in Computer Science. Vol. 4284. pp. 1–20. <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<a rel="nofollow" class="external text" href="https://doi.org/10.1007%2F11935230_1">10.1007/11935230_1</a>. <a href="/wiki/ISBN_(identifier)" class="mw-redirect" title="ISBN (identifier)">ISBN</a> <a href="/wiki/Special:BookSources/978-3-540-49475-1" title="Special:BookSources/978-3-540-49475-1"><bdi>978-3-540-49475-1</bdi></a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.atitle=Finding+SHA-1+Characteristics%3A+General+Results+and+Applications&rft.btitle=Advances+in+Cryptology+%E2%80%93+ASIACRYPT+2006&rft.series=Lecture+Notes+in+Computer+Science&rft.pages=1-20&rft.date=2006-11-15&rft_id=info%3Adoi%2F10.1007%2F11935230_1&rft.isbn=978-3-540-49475-1&rft.aulast=De+Canni%C3%A8re&rft.aufirst=Christophe&rft.au=Rechberger%2C+Christian&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASHA-1" class="Z3988"></span></span> </li> <li id="cite_note-43"><span class="mw-cite-backlink"><b><a href="#cite_ref-43">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://web.archive.org/web/20130115071715/http://www.iaik.tugraz.at/content/research/krypto/sha1/SHA1Collision_Description.php">"IAIK Krypto Group — Description of SHA-1 Collision Search Project"</a>. Archived from <a rel="nofollow" class="external text" href="http://www.iaik.tugraz.at/content/research/krypto/sha1/SHA1Collision_Description.php">the original</a> on 2013-01-15<span class="reference-accessdate">. Retrieved <span class="nowrap">2009-06-30</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=IAIK+Krypto+Group+%E2%80%94+Description+of+SHA-1+Collision+Search+Project&rft_id=http%3A%2F%2Fwww.iaik.tugraz.at%2Fcontent%2Fresearch%2Fkrypto%2Fsha1%2FSHA1Collision_Description.php&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASHA-1" class="Z3988"></span></span> </li> <li id="cite_note-44"><span class="mw-cite-backlink"><b><a href="#cite_ref-44">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="http://eprint.iacr.org/2010/413">"Collisions for 72-step and 73-step SHA-1: Improvements in the Method of Characteristics"</a><span class="reference-accessdate">. Retrieved <span class="nowrap">2010-07-24</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Collisions+for+72-step+and+73-step+SHA-1%3A+Improvements+in+the+Method+of+Characteristics&rft_id=http%3A%2F%2Feprint.iacr.org%2F2010%2F413&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASHA-1" class="Z3988"></span></span> </li> <li id="cite_note-45"><span class="mw-cite-backlink"><b><a href="#cite_ref-45">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://web.archive.org/web/20090225115007/http://boinc.iaik.tugraz.at/sha1_coll_search/">"SHA-1 Collision Search Graz"</a>. Archived from <a rel="nofollow" class="external text" href="http://boinc.iaik.tugraz.at/sha1_coll_search/">the original</a> on 2009-02-25<span class="reference-accessdate">. Retrieved <span class="nowrap">2009-06-30</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=SHA-1+Collision+Search+Graz&rft_id=http%3A%2F%2Fboinc.iaik.tugraz.at%2Fsha1_coll_search%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASHA-1" class="Z3988"></span></span> </li> <li id="cite_note-46"><span class="mw-cite-backlink"><b><a href="#cite_ref-46">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="http://www.heise-online.co.uk/security/SHA-1-hash-function-under-pressure--/news/77244">"heise online – IT-News, Nachrichten und Hintergründe"</a>. <i>heise online</i>. 27 August 2023.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=heise+online&rft.atitle=heise+online+%E2%80%93+IT-News%2C+Nachrichten+und+Hintergr%C3%BCnde&rft.date=2023-08-27&rft_id=http%3A%2F%2Fwww.heise-online.co.uk%2Fsecurity%2FSHA-1-hash-function-under-pressure--%2Fnews%2F77244&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASHA-1" class="Z3988"></span></span> </li> <li id="cite_note-47"><span class="mw-cite-backlink"><b><a href="#cite_ref-47">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.iacr.org/conferences/crypto2006/rumpsched.html">"Crypto 2006 Rump Schedule"</a>. <i>www.iacr.org</i>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=www.iacr.org&rft.atitle=Crypto+2006+Rump+Schedule&rft_id=https%3A%2F%2Fwww.iacr.org%2Fconferences%2Fcrypto2006%2Frumpsched.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASHA-1" class="Z3988"></span></span> </li> <li id="cite_note-48"><span class="mw-cite-backlink"><b><a href="#cite_ref-48">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFManuel" class="citation web cs1">Manuel, Stéphane. <a rel="nofollow" class="external text" href="http://eprint.iacr.org/2008/469.pdf">"Classification and Generation of Disturbance Vectors for Collision Attacks against SHA-1"</a> <span class="cs1-format">(PDF)</span>. <i>Cryptology ePrint Archive</i><span class="reference-accessdate">. Retrieved <span class="nowrap">2011-05-19</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Cryptology+ePrint+Archive&rft.atitle=Classification+and+Generation+of+Disturbance+Vectors+for+Collision+Attacks+against+SHA-1&rft.aulast=Manuel&rft.aufirst=St%C3%A9phane&rft_id=http%3A%2F%2Feprint.iacr.org%2F2008%2F469.pdf&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASHA-1" class="Z3988"></span></span> </li> <li id="cite_note-49"><span class="mw-cite-backlink"><b><a href="#cite_ref-49">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFManuel2011" class="citation journal cs1">Manuel, Stéphane (2011). "Classification and Generation of Disturbance Vectors for Collision Attacks against SHA-1". <i>Designs, Codes and Cryptography</i>. <b>59</b> (1–3): 247–263. <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<a rel="nofollow" class="external text" href="https://doi.org/10.1007%2Fs10623-010-9458-9">10.1007/s10623-010-9458-9</a>. <a href="/wiki/S2CID_(identifier)" class="mw-redirect" title="S2CID (identifier)">S2CID</a> <a rel="nofollow" class="external text" href="https://api.semanticscholar.org/CorpusID:47179704">47179704</a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=Designs%2C+Codes+and+Cryptography&rft.atitle=Classification+and+Generation+of+Disturbance+Vectors+for+Collision+Attacks+against+SHA-1&rft.volume=59&rft.issue=1%E2%80%933&rft.pages=247-263&rft.date=2011&rft_id=info%3Adoi%2F10.1007%2Fs10623-010-9458-9&rft_id=https%3A%2F%2Fapi.semanticscholar.org%2FCorpusID%3A47179704%23id-name%3DS2CID&rft.aulast=Manuel&rft.aufirst=St%C3%A9phane&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASHA-1" class="Z3988"></span> <i>the most efficient disturbance vector is Codeword2 first reported by Jutla and Patthak</i></span> </li> <li id="cite_note-50"><span class="mw-cite-backlink"><b><a href="#cite_ref-50">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="http://eurocrypt2009rump.cr.yp.to/837a0a8086fa6ca714249409ddfae43d.pdf">"SHA-1 collisions now 2^52"</a> <span class="cs1-format">(PDF)</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=SHA-1+collisions+now+2%5E52&rft_id=http%3A%2F%2Feurocrypt2009rump.cr.yp.to%2F837a0a8086fa6ca714249409ddfae43d.pdf&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASHA-1" class="Z3988"></span></span> </li> <li id="cite_note-51"><span class="mw-cite-backlink"><b><a href="#cite_ref-51">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFMcDonaldHawkesPieprzyk2009" class="citation journal cs1">McDonald, Cameron; Hawkes, Philip; Pieprzyk, Josef (2009). <a rel="nofollow" class="external text" href="http://eprint.iacr.org/2009/259">"Differential Path for SHA-1 with complexity O(<sup>252</sup>)"</a>. <i>Cryptology ePrint Archive</i>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=Cryptology+ePrint+Archive&rft.atitle=Differential+Path+for+SHA-1+with+complexity+O%28%3Csup%3E252%3C%2Fsup%3E%29&rft.date=2009&rft.aulast=McDonald&rft.aufirst=Cameron&rft.au=Hawkes%2C+Philip&rft.au=Pieprzyk%2C+Josef&rft_id=http%3A%2F%2Feprint.iacr.org%2F2009%2F259&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASHA-1" class="Z3988"></span> (withdrawn)</span> </li> <li id="cite_note-Cryptanalysis_of_MD5_&_SHA-1-52"><span class="mw-cite-backlink"><b><a href="#cite_ref-Cryptanalysis_of_MD5_&_SHA-1_52-0">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="http://2012.sharcs.org/slides/stevens.pdf">"Cryptanalysis of MD5 & SHA-1"</a> <span class="cs1-format">(PDF)</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Cryptanalysis+of+MD5+%26+SHA-1&rft_id=http%3A%2F%2F2012.sharcs.org%2Fslides%2Fstevens.pdf&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASHA-1" class="Z3988"></span></span> </li> <li id="cite_note-53"><span class="mw-cite-backlink"><b><a href="#cite_ref-53">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.schneier.com/blog/archives/2012/10/when_will_we_se.html">"When Will We See Collisions for SHA-1? – Schneier on Security"</a>. <i>www.schneier.com</i>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=www.schneier.com&rft.atitle=When+Will+We+See+Collisions+for+SHA-1%3F+%E2%80%93+Schneier+on+Security&rft_id=https%3A%2F%2Fwww.schneier.com%2Fblog%2Farchives%2F2012%2F10%2Fwhen_will_we_se.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASHA-1" class="Z3988"></span></span> </li> <li id="cite_note-54"><span class="mw-cite-backlink"><b><a href="#cite_ref-54">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://code.google.com/archive/p/hashclash">"Google Code Archive – Long-term storage for Google Code Project Hosting"</a>. <i>code.google.com</i>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=code.google.com&rft.atitle=Google+Code+Archive+%E2%80%93+Long-term+storage+for+Google+Code+Project+Hosting.&rft_id=https%3A%2F%2Fcode.google.com%2Farchive%2Fp%2Fhashclash&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASHA-1" class="Z3988"></span></span> </li> <li id="cite_note-leurent-peyrin-sha1-55"><span class="mw-cite-backlink"><b><a href="#cite_ref-leurent-peyrin-sha1_55-0">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFLeurentPeyrin2019" class="citation conference cs1">Leurent, Gaëtan; Peyrin, Thomas (2019). <a rel="nofollow" class="external text" href="https://hal.inria.fr/hal-02424900/file/SHA1_EC19.pdf">"From Collisions to Chosen-Prefix Collisions Application to Full SHA-1"</a> <span class="cs1-format">(PDF)</span>. In Yuval Ishai; Vincent Rijmen (eds.). <a rel="nofollow" class="external text" href="https://eprint.iacr.org/2019/459.pdf"><i>Advances in Cryptology – EUROCRYPT 2019</i></a> <span class="cs1-format">(PDF)</span>. 38th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Darmstadt, Germany, May 19–23, 2019. Lecture Notes in Computer Science. Vol. 11478. Springer. pp. 527–555. <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<a rel="nofollow" class="external text" href="https://doi.org/10.1007%2F978-3-030-17659-4_18">10.1007/978-3-030-17659-4_18</a>. <a href="/wiki/ISBN_(identifier)" class="mw-redirect" title="ISBN (identifier)">ISBN</a> <a href="/wiki/Special:BookSources/978-3-030-17658-7" title="Special:BookSources/978-3-030-17658-7"><bdi>978-3-030-17658-7</bdi></a>. <a href="/wiki/S2CID_(identifier)" class="mw-redirect" title="S2CID (identifier)">S2CID</a> <a rel="nofollow" class="external text" href="https://api.semanticscholar.org/CorpusID:153311244">153311244</a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=conference&rft.atitle=From+Collisions+to+Chosen-Prefix+Collisions+Application+to+Full+SHA-1&rft.btitle=Advances+in+Cryptology+%E2%80%93+EUROCRYPT+2019&rft.series=Lecture+Notes+in+Computer+Science&rft.pages=527-555&rft.pub=Springer&rft.date=2019&rft_id=https%3A%2F%2Fapi.semanticscholar.org%2FCorpusID%3A153311244%23id-name%3DS2CID&rft_id=info%3Adoi%2F10.1007%2F978-3-030-17659-4_18&rft.isbn=978-3-030-17658-7&rft.aulast=Leurent&rft.aufirst=Ga%C3%ABtan&rft.au=Peyrin%2C+Thomas&rft_id=https%3A%2F%2Fhal.inria.fr%2Fhal-02424900%2Ffile%2FSHA1_EC19.pdf&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASHA-1" class="Z3988"></span></span> </li> <li id="cite_note-56"><span class="mw-cite-backlink"><b><a href="#cite_ref-56">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="http://www.faqs.org/rfcs/rfc3174.html">"RFC 3174 - US Secure Hash Algorithm 1 (SHA1) (RFC3174)"</a>. <i>www.faqs.org</i>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=www.faqs.org&rft.atitle=RFC+3174+-+US+Secure+Hash+Algorithm+1+%28SHA1%29+%28RFC3174%29&rft_id=http%3A%2F%2Fwww.faqs.org%2Frfcs%2Frfc3174.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASHA-1" class="Z3988"></span></span> </li> <li id="cite_note-57"><span class="mw-cite-backlink"><b><a href="#cite_ref-57">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFLocktyukhin2010" class="citation cs2">Locktyukhin, Max (2010-03-31), <a rel="nofollow" class="external text" href="https://www.intel.com/content/www/us/en/developer/articles/technical/improving-the-performance-of-the-secure-hash-algorithm-1.html">"Improving the Performance of the Secure Hash Algorithm (SHA-1)"</a>, <i>Intel Software Knowledge Base</i><span class="reference-accessdate">, retrieved <span class="nowrap">2010-04-02</span></span></cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=Intel+Software+Knowledge+Base&rft.atitle=Improving+the+Performance+of+the+Secure+Hash+Algorithm+%28SHA-1%29&rft.date=2010-03-31&rft.aulast=Locktyukhin&rft.aufirst=Max&rft_id=https%3A%2F%2Fwww.intel.com%2Fcontent%2Fwww%2Fus%2Fen%2Fdeveloper%2Farticles%2Ftechnical%2Fimproving-the-performance-of-the-secure-hash-algorithm-1.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASHA-1" class="Z3988"></span></span> </li> <li id="cite_note-58"><span class="mw-cite-backlink"><b><a href="#cite_ref-58">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="http://bench.cr.yp.to/results-hash.html#amd64-skylake">"Measurements table"</a>. <i>bench.cr.yp.to</i>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=bench.cr.yp.to&rft.atitle=Measurements+table&rft_id=http%3A%2F%2Fbench.cr.yp.to%2Fresults-hash.html%23amd64-skylake&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASHA-1" class="Z3988"></span></span> </li> <li id="cite_note-59"><span class="mw-cite-backlink"><b><a href="#cite_ref-59">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFTaoLiuFeng2013" class="citation techreport cs1">Tao, Xie; Liu, Fanbao; Feng, Dengguo (2013). <a rel="nofollow" class="external text" href="https://eprint.iacr.org/2013/170.pdf"><i>Fast Collision Attack on MD5</i></a> <span class="cs1-format">(PDF)</span>. <i>Cryptology ePrint Archive</i> (Technical report). <a href="/wiki/International_Association_for_Cryptologic_Research" title="International Association for Cryptologic Research">IACR</a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=report&rft.btitle=Fast+Collision+Attack+on+MD5&rft.pub=IACR&rft.date=2013&rft.aulast=Tao&rft.aufirst=Xie&rft.au=Liu%2C+Fanbao&rft.au=Feng%2C+Dengguo&rft_id=https%3A%2F%2Feprint.iacr.org%2F2013%2F170.pdf&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASHA-1" class="Z3988"></span></span> </li> <li id="cite_note-60"><span class="mw-cite-backlink"><b><a href="#cite_ref-60">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFStevensBurszteinKarpmanAlbertini" class="citation techreport cs1"><a href="/wiki/Marc_Stevens_(cryptology)" title="Marc Stevens (cryptology)">Stevens, Marc</a>; <a href="/wiki/Elie_Bursztein" title="Elie Bursztein">Bursztein, Elie</a>; Karpman, Pierre; Albertini, Ange; Markov, Yarik. <a rel="nofollow" class="external text" href="https://shattered.io/static/shattered.pdf"><i>The first collision for full SHA-1</i></a> <span class="cs1-format">(PDF)</span> (Technical report). <a href="/wiki/Google" title="Google">Google Research</a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=report&rft.btitle=The+first+collision+for+full+SHA-1&rft.pub=Google+Research&rft.aulast=Stevens&rft.aufirst=Marc&rft.au=Bursztein%2C+Elie&rft.au=Karpman%2C+Pierre&rft.au=Albertini%2C+Ange&rft.au=Markov%2C+Yarik&rft_id=https%3A%2F%2Fshattered.io%2Fstatic%2Fshattered.pdf&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASHA-1" class="Z3988"></span> <ul><li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFMarc_StevensElie_BurszteinPierre_KarpmanAnge_Albertini2017" class="citation web cs1">Marc Stevens; Elie Bursztein; Pierre Karpman; Ange Albertini; Yarik Markov; Alex Petit Bianco; Clement Baisse (February 23, 2017). <a rel="nofollow" class="external text" href="https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html">"Announcing the first SHA1 collision"</a>. <i>Google Security Blog</i>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Google+Security+Blog&rft.atitle=Announcing+the+first+SHA1+collision&rft.date=2017-02-23&rft.au=Marc+Stevens&rft.au=Elie+Bursztein&rft.au=Pierre+Karpman&rft.au=Ange+Albertini&rft.au=Yarik+Markov&rft.au=Alex+Petit+Bianco&rft.au=Clement+Baisse&rft_id=https%3A%2F%2Fsecurity.googleblog.com%2F2017%2F02%2Fannouncing-first-sha1-collision.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASHA-1" class="Z3988"></span></li></ul> </span></li> <li id="cite_note-61"><span class="mw-cite-backlink"><b><a href="#cite_ref-61">^</a></b></span> <span class="reference-text">Without truncation, the full internal state of the hash function is known, regardless of collision resistance. If the output is truncated, the removed part of the state must be searched for and found before the hash function can be resumed, allowing the attack to proceed.</span> </li> <li id="cite_note-62"><span class="mw-cite-backlink"><b><a href="#cite_ref-62">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="http://keccak.noekeon.org/specs_summary.html">"The Keccak sponge function family"</a><span class="reference-accessdate">. Retrieved <span class="nowrap">2016-01-27</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=The+Keccak+sponge+function+family&rft_id=http%3A%2F%2Fkeccak.noekeon.org%2Fspecs_summary.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASHA-1" class="Z3988"></span></span> </li> <li id="cite_note-63"><span class="mw-cite-backlink"><b><a href="#cite_ref-63">^</a></b></span> <span class="reference-text">IBM z/Architecture Principles of Operation, publication number SA22-7832. See KIMD and KLMD instructions in Chapter 7.</span> </li> <li id="cite_note-64"><span class="mw-cite-backlink"><b><a href="#cite_ref-64">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFStevens2017" class="citation web cs1">Stevens, Marc (2017). <a rel="nofollow" class="external text" href="https://github.com/cr-marcstevens/sha1collisiondetection">"cr-marcstevens/sha1collisiondetection: Library and command line tool to detect SHA-1 collision in a file"</a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=cr-marcstevens%2Fsha1collisiondetection%3A+Library+and+command+line+tool+to+detect+SHA-1+collision+in+a+file&rft.date=2017&rft.aulast=Stevens&rft.aufirst=Marc&rft_id=https%3A%2F%2Fgithub.com%2Fcr-marcstevens%2Fsha1collisiondetection&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASHA-1" class="Z3988"></span></span> </li> <li id="cite_note-65"><span class="mw-cite-backlink"><b><a href="#cite_ref-65">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFKing2017" class="citation web cs1">King, Jeff (10 May 2017). <a rel="nofollow" class="external text" href="https://github.blog/2017-05-10-git-2-13-has-been-released/">"Git 2.13 has been released"</a>. <i>The GitHub Blog</i>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=The+GitHub+Blog&rft.atitle=Git+2.13+has+been+released&rft.date=2017-05-10&rft.aulast=King&rft.aufirst=Jeff&rft_id=https%3A%2F%2Fgithub.blog%2F2017-05-10-git-2-13-has-been-released%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASHA-1" class="Z3988"></span></span> </li> </ol></div> <div class="mw-heading mw-heading2"><h2 id="References">References</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=SHA-1&action=edit&section=20" title="Edit section: References"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <style data-mw-deduplicate="TemplateStyles:r1239549316">.mw-parser-output .refbegin{margin-bottom:0.5em}.mw-parser-output .refbegin-hanging-indents>ul{margin-left:0}.mw-parser-output .refbegin-hanging-indents>ul>li{margin-left:0;padding-left:3.2em;text-indent:-3.2em}.mw-parser-output .refbegin-hanging-indents ul,.mw-parser-output .refbegin-hanging-indents ul li{list-style:none}@media(max-width:720px){.mw-parser-output .refbegin-hanging-indents>ul>li{padding-left:1.6em;text-indent:-1.6em}}.mw-parser-output .refbegin-columns{margin-top:0.3em}.mw-parser-output .refbegin-columns ul{margin-top:0}.mw-parser-output .refbegin-columns li{page-break-inside:avoid;break-inside:avoid-column}@media screen{.mw-parser-output .refbegin{font-size:90%}}</style><div class="refbegin" style=""> <ul><li><a href="/wiki/Eli_Biham" title="Eli Biham">Eli Biham</a>, Rafi Chen, Near-Collisions of SHA-0, Cryptology ePrint Archive, Report 2004/146, 2004 (appeared on CRYPTO 2004), <a rel="nofollow" class="external text" href="http://eprint.iacr.org/2004/146/">IACR.org</a></li> <li><a href="/wiki/Xiaoyun_Wang" class="mw-redirect" title="Xiaoyun Wang">Xiaoyun Wang</a>, Hongbo Yu and Yiqun Lisa Yin, <a rel="nofollow" class="external text" href="https://web.archive.org/web/20050910132832/http://www.infosec.sdu.edu.cn/paper/sha0-crypto-author-new.pdf">Efficient Collision Search Attacks on SHA-0</a>, Crypto 2005</li> <li><a href="/wiki/Xiaoyun_Wang" class="mw-redirect" title="Xiaoyun Wang">Xiaoyun Wang</a>, Yiqun Lisa Yin and Hongbo Yu, <a rel="nofollow" class="external text" href="https://www.iacr.org/archive/crypto2005/36210017/36210017.pdf">Finding Collisions in the Full SHA-1</a>, Crypto 2005</li> <li><a href="/w/index.php?title=Henri_Gilbert&action=edit&redlink=1" class="new" title="Henri Gilbert (page does not exist)">Henri Gilbert</a>, <a href="/w/index.php?title=Helena_Handschuh&action=edit&redlink=1" class="new" title="Helena Handschuh (page does not exist)">Helena Handschuh</a>: <a rel="nofollow" class="external text" href="https://link.springer.com/content/pdf/10.1007/978-3-540-24654-1_13.pdf">Security Analysis of SHA-256 and Sisters</a>. <a href="/wiki/Selected_Areas_in_Cryptography" title="Selected Areas in Cryptography">Selected Areas in Cryptography</a> 2003: pp175–193</li> <li><a rel="nofollow" class="external text" href="http://www.unixwiz.net/techtips/iguide-crypto-hashes.html">An Illustrated Guide to Cryptographic Hashes</a></li> <li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation journal cs1"><a rel="nofollow" class="external text" href="http://frwebgate1.access.gpo.gov/cgi-bin/waisgate.cgi?WAISdocID=5963452267+0+0+0&WAISaction=retrieve">"Proposed Revision of Federal Information Processing Standard (FIPS) 180, Secure Hash Standard"</a>. <i>Federal Register</i>. <b>59</b> (131): 35317–35318. 1994-07-11<span class="reference-accessdate">. Retrieved <span class="nowrap">2007-04-26</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=Federal+Register&rft.atitle=Proposed+Revision+of+Federal+Information+Processing+Standard+%28FIPS%29+180%2C+Secure+Hash+Standard&rft.volume=59&rft.issue=131&rft.pages=35317-35318&rft.date=1994-07-11&rft_id=http%3A%2F%2Ffrwebgate1.access.gpo.gov%2Fcgi-bin%2Fwaisgate.cgi%3FWAISdocID%3D5963452267%2B0%2B0%2B0%26WAISaction%3Dretrieve&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASHA-1" class="Z3988"></span><sup class="noprint Inline-Template"><span style="white-space: nowrap;">[<i><a href="/wiki/Wikipedia:Link_rot" title="Wikipedia:Link rot"><span title=" Dead link tagged April 2018">permanent dead link</span></a></i><span style="visibility:hidden; color:transparent; padding-left:2px">‍</span>]</span></sup></li> <li>A. Cilardo, L. Esposito, A. Veniero, A. Mazzeo, V. Beltran, E. Ayugadé, <a rel="nofollow" class="external text" href="https://web.archive.org/web/20170830045350/http://people.ac.upc.edu/vbeltran/papers/HPCC2010.pdf">A CellBE-based HPC application for the analysis of vulnerabilities in cryptographic hash functions</a>, High Performance Computing and Communication international conference, August 2010</li></ul> </div> <div class="mw-heading mw-heading2"><h2 id="External_links">External links</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=SHA-1&action=edit&section=21" title="Edit section: External links"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <ul><li><a rel="nofollow" class="external text" href="https://web.archive.org/web/20110625054822/http://csrc.nist.gov/groups/ST/toolkit/secure_hashing.html">CSRC Cryptographic Toolkit</a> – Official <a href="/wiki/National_Institute_of_Standards_and_Technology" title="National Institute of Standards and Technology">NIST</a> site for the Secure Hash Standard</li> <li><a rel="nofollow" class="external text" href="https://web.archive.org/web/20161126003357/http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf">FIPS 180-4: Secure Hash Standard (SHS)</a></li> <li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222">RFC <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc3174">3174</a> (with sample C implementation)</li> <li><a rel="nofollow" class="external text" href="https://www.zdnet.com/article/fixing-a-hole-in-security/">Interview with Yiqun Lisa Yin concerning the attack on SHA-1</a></li> <li><a rel="nofollow" class="external text" href="http://www.heise-online.co.uk/security/Hash-cracked--/features/75686">Explanation of the successful attacks on SHA-1</a> (3 pages, 2006)</li> <li><a rel="nofollow" class="external text" href="http://www.cryptography.com/cnews/hash.html">Cryptography Research – Hash Collision Q&A</a></li> <li><a rel="nofollow" class="external text" href="https://www.youtube.com/watch?v=5q8q4PhN0cw"><span class="plainlinks">Lecture on SHA-1 (1h 18m)</span></a> on <a href="/wiki/YouTube_video_(identifier)" class="mw-redirect" title="YouTube video (identifier)">YouTube</a> by <a rel="nofollow" class="external text" href="http://www.emsec.rub.de/chair/_staff/christof-paar/">Christof Paar</a> <a rel="nofollow" class="external text" href="https://web.archive.org/web/20170424134012/http://www.emsec.rub.de/chair/_staff/christof-paar/">Archived</a> 2017-04-24 at the <a href="/wiki/Wayback_Machine" title="Wayback Machine">Wayback Machine</a></li></ul> <div class="navbox-styles"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1129693374"><style data-mw-deduplicate="TemplateStyles:r1236075235">.mw-parser-output .navbox{box-sizing:border-box;border:1px solid #a2a9b1;width:100%;clear:both;font-size:88%;text-align:center;padding:1px;margin:1em auto 0}.mw-parser-output .navbox .navbox{margin-top:0}.mw-parser-output .navbox+.navbox,.mw-parser-output .navbox+.navbox-styles+.navbox{margin-top:-1px}.mw-parser-output .navbox-inner,.mw-parser-output .navbox-subgroup{width:100%}.mw-parser-output .navbox-group,.mw-parser-output .navbox-title,.mw-parser-output .navbox-abovebelow{padding:0.25em 1em;line-height:1.5em;text-align:center}.mw-parser-output .navbox-group{white-space:nowrap;text-align:right}.mw-parser-output .navbox,.mw-parser-output .navbox-subgroup{background-color:#fdfdfd}.mw-parser-output .navbox-list{line-height:1.5em;border-color:#fdfdfd}.mw-parser-output .navbox-list-with-group{text-align:left;border-left-width:2px;border-left-style:solid}.mw-parser-output tr+tr>.navbox-abovebelow,.mw-parser-output tr+tr>.navbox-group,.mw-parser-output tr+tr>.navbox-image,.mw-parser-output tr+tr>.navbox-list{border-top:2px solid #fdfdfd}.mw-parser-output .navbox-title{background-color:#ccf}.mw-parser-output .navbox-abovebelow,.mw-parser-output .navbox-group,.mw-parser-output .navbox-subgroup .navbox-title{background-color:#ddf}.mw-parser-output .navbox-subgroup .navbox-group,.mw-parser-output .navbox-subgroup .navbox-abovebelow{background-color:#e6e6ff}.mw-parser-output .navbox-even{background-color:#f7f7f7}.mw-parser-output .navbox-odd{background-color:transparent}.mw-parser-output .navbox .hlist td dl,.mw-parser-output .navbox .hlist td ol,.mw-parser-output .navbox .hlist td ul,.mw-parser-output .navbox td.hlist dl,.mw-parser-output .navbox td.hlist ol,.mw-parser-output .navbox td.hlist ul{padding:0.125em 0}.mw-parser-output .navbox .navbar{display:block;font-size:100%}.mw-parser-output .navbox-title .navbar{float:left;text-align:left;margin-right:0.5em}body.skin--responsive .mw-parser-output .navbox-image img{max-width:none!important}@media print{body.ns-0 .mw-parser-output .navbox{display:none!important}}</style><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1129693374"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1239400231"></div><div role="navigation" class="navbox" aria-label="Navbox" style="padding:3px"><table class="nowraplinks hlist navbox-inner" style="border-spacing:0;background:transparent;color:inherit"><tbody><tr><td colspan="2" class="navbox-list navbox-odd" style="width:100%;padding:0"><div style="padding:0 0.25em"></div><table class="nowraplinks navbox-subgroup" style="border-spacing:0"><tbody><tr><td colspan="2" class="navbox-list navbox-odd" style="width:100%;padding:0"><div style="padding:0 0.25em"></div><table class="nowraplinks hlist mw-collapsible mw-collapsed navbox-subgroup" style="border-spacing:0"><tbody><tr><th scope="col" class="navbox-title" colspan="2"><div class="navbar plainlinks hlist navbar-mini"><ul><li class="nv-view"><a href="/wiki/Template:Cryptography_hash" title="Template:Cryptography hash"><abbr title="View this template">v</abbr></a></li><li class="nv-talk"><a href="/wiki/Template_talk:Cryptography_hash" title="Template talk:Cryptography hash"><abbr title="Discuss this template">t</abbr></a></li><li class="nv-edit"><a href="/wiki/Special:EditPage/Template:Cryptography_hash" title="Special:EditPage/Template:Cryptography hash"><abbr title="Edit this template">e</abbr></a></li></ul></div><div id="Cryptographic_hash_functions_and_message_authentication_codes" style="font-size:114%;margin:0 4em"><a href="/wiki/Cryptographic_hash_function" title="Cryptographic hash function">Cryptographic hash functions</a> and <a href="/wiki/Message_authentication_code" title="Message authentication code">message authentication codes</a></div></th></tr><tr><td class="navbox-abovebelow" colspan="2"><div> <ul><li><a href="/wiki/List_of_hash_functions" title="List of hash functions">List</a></li> <li><a href="/wiki/Comparison_of_cryptographic_hash_functions" title="Comparison of cryptographic hash functions">Comparison</a></li> <li><a href="/wiki/Hash_function_security_summary" title="Hash function security summary">Known attacks</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">Common functions</th><td class="navbox-list-with-group navbox-list navbox-odd" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/MD5" title="MD5">MD5</a> (compromised)</li> <li><a class="mw-selflink selflink">SHA-1</a> (compromised)</li> <li><a href="/wiki/SHA-2" title="SHA-2">SHA-2</a></li> <li><a href="/wiki/SHA-3" title="SHA-3">SHA-3</a></li> <li><a href="/wiki/BLAKE_(hash_function)#BLAKE2" title="BLAKE (hash function)">BLAKE2</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%"><a href="/wiki/NIST_hash_function_competition" title="NIST hash function competition">SHA-3 finalists</a></th><td class="navbox-list-with-group navbox-list navbox-even" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/BLAKE_(hash_function)" title="BLAKE (hash function)">BLAKE</a></li> <li><a href="/wiki/Gr%C3%B8stl" title="Grøstl">Grøstl</a></li> <li><a href="/wiki/JH_(hash_function)" title="JH (hash function)">JH</a></li> <li><a href="/wiki/Skein_(hash_function)" title="Skein (hash function)">Skein</a></li> <li><a href="/wiki/SHA-3" title="SHA-3">Keccak</a> (winner)</li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">Other functions</th><td class="navbox-list-with-group navbox-list navbox-odd" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/BLAKE3" class="mw-redirect" title="BLAKE3">BLAKE3</a></li> <li><a href="/wiki/CubeHash" title="CubeHash">CubeHash</a></li> <li><a href="/wiki/Elliptic_curve_only_hash" title="Elliptic curve only hash">ECOH</a></li> <li><a href="/wiki/Fast_syndrome-based_hash" title="Fast syndrome-based hash">FSB</a></li> <li><a href="/wiki/Fugue_(hash_function)" title="Fugue (hash function)">Fugue</a></li> <li><a href="/wiki/GOST_(hash_function)" title="GOST (hash function)">GOST</a></li> <li><a href="/wiki/HAS-160" title="HAS-160">HAS-160</a></li> <li><a href="/wiki/HAVAL" title="HAVAL">HAVAL</a></li> <li><a href="/wiki/Kupyna" title="Kupyna">Kupyna</a></li> <li><a href="/wiki/LSH_(hash_function)" title="LSH (hash function)">LSH</a></li> <li><a href="/wiki/Lane_(hash_function)" title="Lane (hash function)">Lane</a></li> <li><a href="/wiki/MASH-1" title="MASH-1">MASH-1</a></li> <li><a href="/wiki/MASH-1#MASH2" title="MASH-1">MASH-2</a></li> <li><a href="/wiki/MD2_(hash_function)" title="MD2 (hash function)">MD2</a></li> <li><a href="/wiki/MD4" title="MD4">MD4</a></li> <li><a href="/wiki/MD6" title="MD6">MD6</a></li> <li><a href="/wiki/MDC-2" title="MDC-2">MDC-2</a></li> <li><a href="/wiki/N-hash" title="N-hash">N-hash</a></li> <li><a href="/wiki/RIPEMD" title="RIPEMD">RIPEMD</a></li> <li><a href="/wiki/RadioGat%C3%BAn" title="RadioGatún">RadioGatún</a></li> <li><a href="/wiki/SIMD_(hash_function)" title="SIMD (hash function)">SIMD</a></li> <li><a href="/wiki/SM3_(hash_function)" title="SM3 (hash function)">SM3</a></li> <li><a href="/wiki/SWIFFT" title="SWIFFT">SWIFFT</a></li> <li><a href="/wiki/Shabal" title="Shabal">Shabal</a></li> <li><a href="/wiki/Snefru" title="Snefru">Snefru</a></li> <li><a href="/wiki/Streebog" title="Streebog">Streebog</a></li> <li><a href="/wiki/Tiger_(hash_function)" title="Tiger (hash function)">Tiger</a></li> <li><a href="/wiki/Very_smooth_hash" title="Very smooth hash">VSH</a></li> <li><a href="/wiki/Whirlpool_(hash_function)" title="Whirlpool (hash function)">Whirlpool</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">Password hashing/<br /><a href="/wiki/Key_stretching" title="Key stretching">key stretching</a> functions</th><td class="navbox-list-with-group navbox-list navbox-even" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Argon2" title="Argon2">Argon2</a></li> <li><a href="/wiki/Balloon_hashing" title="Balloon hashing">Balloon</a></li> <li><a href="/wiki/Bcrypt" title="Bcrypt">bcrypt</a></li> <li><a href="/wiki/Catena_(cryptography)" class="mw-redirect" title="Catena (cryptography)">Catena</a></li> <li><a href="/wiki/Crypt_(C)" title="Crypt (C)">crypt</a></li> <li><a href="/wiki/LAN_Manager#LM_hash_details" title="LAN Manager">LM hash</a></li> <li><a href="/wiki/Lyra2" title="Lyra2">Lyra2</a></li> <li><a href="/wiki/Makwa_(cryptography)" class="mw-redirect" title="Makwa (cryptography)">Makwa</a></li> <li><a href="/wiki/PBKDF2" title="PBKDF2">PBKDF2</a></li> <li><a href="/wiki/Scrypt" title="Scrypt">scrypt</a></li> <li><a href="/wiki/Yescrypt" title="Yescrypt">yescrypt</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">General purpose<br /><a href="/wiki/Key_derivation_function" title="Key derivation function">key derivation functions</a></th><td class="navbox-list-with-group navbox-list navbox-odd" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/HKDF" title="HKDF">HKDF</a></li> <li>KDF1/KDF2</li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%"><a href="/wiki/Message_authentication_code" title="Message authentication code">MAC functions</a></th><td class="navbox-list-with-group navbox-list navbox-even" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/CBC-MAC" title="CBC-MAC">CBC-MAC</a></li> <li><a href="/wiki/Data_Authentication_Algorithm" title="Data Authentication Algorithm">DAA</a></li> <li><a href="/wiki/Galois_Message_Authentication_Code" class="mw-redirect" title="Galois Message Authentication Code">GMAC</a></li> <li><a href="/wiki/HMAC" title="HMAC">HMAC</a></li> <li><a href="/wiki/NMAC" class="mw-redirect" title="NMAC">NMAC</a></li> <li><a href="/wiki/One-key_MAC" title="One-key MAC">OMAC</a>/<a href="/wiki/One-key_MAC" title="One-key MAC">CMAC</a></li> <li><a href="/wiki/PMAC_(cryptography)" title="PMAC (cryptography)">PMAC</a></li> <li><a href="/wiki/Poly1305" title="Poly1305">Poly1305</a></li> <li><a href="/wiki/SipHash" title="SipHash">SipHash</a></li> <li><a href="/wiki/UMAC_(cryptography)" title="UMAC (cryptography)">UMAC</a></li> <li><a href="/wiki/VMAC" title="VMAC">VMAC</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%"><a href="/wiki/Authenticated_encryption" title="Authenticated encryption">Authenticated<br />encryption</a> modes</th><td class="navbox-list-with-group navbox-list navbox-odd" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/CCM_mode" title="CCM mode">CCM</a></li> <li><a href="/wiki/ChaCha20-Poly1305" title="ChaCha20-Poly1305">ChaCha20-Poly1305</a></li> <li><a href="/wiki/CWC_mode" title="CWC mode">CWC</a></li> <li><a href="/wiki/EAX_mode" title="EAX mode">EAX</a></li> <li><a href="/wiki/Galois/Counter_Mode" title="Galois/Counter Mode">GCM</a></li> <li><a href="/wiki/IAPM_(mode)" title="IAPM (mode)">IAPM</a></li> <li><a href="/wiki/OCB_mode" title="OCB mode">OCB</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">Attacks</th><td class="navbox-list-with-group navbox-list navbox-even" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Collision_attack" title="Collision attack">Collision attack</a></li> <li><a href="/wiki/Preimage_attack" title="Preimage attack">Preimage attack</a></li> <li><a href="/wiki/Birthday_attack" title="Birthday attack">Birthday attack</a></li> <li><a href="/wiki/Brute-force_attack" title="Brute-force attack">Brute-force attack</a></li> <li><a href="/wiki/Rainbow_table" title="Rainbow table">Rainbow table</a></li> <li><a href="/wiki/Side-channel_attack" title="Side-channel attack">Side-channel attack</a></li> <li><a href="/wiki/Length_extension_attack" title="Length extension attack">Length extension attack</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">Design</th><td class="navbox-list-with-group navbox-list navbox-odd" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Avalanche_effect" title="Avalanche effect">Avalanche effect</a></li> <li><a href="/wiki/Hash_collision" title="Hash collision">Hash collision</a></li> <li><a href="/wiki/Merkle%E2%80%93Damg%C3%A5rd_construction" title="Merkle–Damgård construction">Merkle–Damgård construction</a></li> <li><a href="/wiki/Sponge_function" title="Sponge function">Sponge function</a></li> <li><a href="/wiki/HAIFA_construction" title="HAIFA construction">HAIFA construction</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">Standardization</th><td class="navbox-list-with-group navbox-list navbox-even" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/CAESAR_Competition" title="CAESAR Competition">CAESAR Competition</a></li> <li><a href="/wiki/CRYPTREC" title="CRYPTREC">CRYPTREC</a></li> <li><a href="/wiki/NESSIE" title="NESSIE">NESSIE</a></li> <li><a href="/wiki/NIST_hash_function_competition" title="NIST hash function competition">NIST hash function competition</a></li> <li><a href="/wiki/Password_Hashing_Competition" title="Password Hashing Competition">Password Hashing Competition</a></li> <li><a href="/wiki/NSA_Suite_B_Cryptography" title="NSA Suite B Cryptography">NSA Suite B</a></li> <li><a href="/wiki/Commercial_National_Security_Algorithm_Suite" title="Commercial National Security Algorithm Suite">CNSA</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">Utilization</th><td class="navbox-list-with-group navbox-list navbox-odd" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Post-quantum_cryptography#Hash-based_cryptography" title="Post-quantum cryptography">Hash-based cryptography</a></li> <li><a href="/wiki/Merkle_tree" title="Merkle tree">Merkle tree</a></li> <li><a href="/wiki/Message_authentication" title="Message authentication">Message authentication</a></li> <li><a href="/wiki/Proof_of_work" title="Proof of work">Proof of work</a></li> <li><a href="/wiki/Salt_(cryptography)" title="Salt (cryptography)">Salt</a></li> <li><a href="/wiki/Pepper_(cryptography)" title="Pepper (cryptography)">Pepper</a></li></ul> </div></td></tr></tbody></table><div></div></td></tr></tbody></table><div></div></td></tr><tr><td colspan="2" class="navbox-list navbox-odd" style="width:100%;padding:0"><div style="padding:0 0.25em"></div><table class="nowraplinks mw-collapsible mw-collapsed navbox-subgroup" style="border-spacing:0"><tbody><tr><th scope="col" class="navbox-title" colspan="2"><div class="navbar plainlinks hlist navbar-mini"><ul><li class="nv-view"><a href="/wiki/Template:Cryptography_navbox" title="Template:Cryptography navbox"><abbr title="View this template">v</abbr></a></li><li class="nv-talk"><a href="/wiki/Template_talk:Cryptography_navbox" title="Template talk:Cryptography navbox"><abbr title="Discuss this template">t</abbr></a></li><li class="nv-edit"><a href="/wiki/Special:EditPage/Template:Cryptography_navbox" title="Special:EditPage/Template:Cryptography navbox"><abbr title="Edit this template">e</abbr></a></li></ul></div><div id="Cryptography" style="font-size:114%;margin:0 4em"><a href="/wiki/Cryptography" title="Cryptography">Cryptography</a></div></th></tr><tr><th scope="row" class="navbox-group" style="width:1%">General</th><td class="navbox-list-with-group navbox-list navbox-odd" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/History_of_cryptography" title="History of cryptography">History of cryptography</a></li> <li><a href="/wiki/Outline_of_cryptography" title="Outline of cryptography">Outline of cryptography</a></li> <li><a href="/wiki/Classical_cipher" title="Classical cipher">Classical cipher</a></li> <li><a href="/wiki/Cryptographic_protocol" title="Cryptographic protocol">Cryptographic protocol</a> <ul><li><a href="/wiki/Authentication_protocol" title="Authentication protocol">Authentication protocol</a></li></ul></li> <li><a href="/wiki/Cryptographic_primitive" title="Cryptographic primitive">Cryptographic primitive</a></li> <li><a href="/wiki/Cryptanalysis" title="Cryptanalysis">Cryptanalysis</a></li> <li><a href="/wiki/Cryptocurrency" title="Cryptocurrency">Cryptocurrency</a></li> <li><a href="/wiki/Cryptosystem" title="Cryptosystem">Cryptosystem</a></li> <li><a href="/wiki/Cryptographic_nonce" title="Cryptographic nonce">Cryptographic nonce</a></li> <li><a href="/wiki/Cryptovirology" title="Cryptovirology">Cryptovirology</a></li> <li><a href="/wiki/Hash_function" title="Hash function">Hash function</a> <ul><li><a href="/wiki/Cryptographic_hash_function" title="Cryptographic hash function">Cryptographic hash function</a></li> <li><a href="/wiki/Key_derivation_function" title="Key derivation function">Key derivation function</a></li> <li><a href="/wiki/Secure_Hash_Algorithms" title="Secure Hash Algorithms">Secure Hash Algorithms</a></li></ul></li> <li><a href="/wiki/Digital_signature" title="Digital signature">Digital signature</a></li> <li><a href="/wiki/Kleptography" title="Kleptography">Kleptography</a></li> <li><a href="/wiki/Key_(cryptography)" title="Key (cryptography)">Key (cryptography)</a></li> <li><a href="/wiki/Key_exchange" title="Key exchange">Key exchange</a></li> <li><a href="/wiki/Key_generator" title="Key generator">Key generator</a></li> <li><a href="/wiki/Key_schedule" title="Key schedule">Key schedule</a></li> <li><a href="/wiki/Key_stretching" title="Key stretching">Key stretching</a></li> <li><a href="/wiki/Keygen" title="Keygen">Keygen</a></li> <li><a href="/wiki/Template:Cryptography_machines" title="Template:Cryptography machines">Machines</a></li> <li><a href="/wiki/Cryptojacking_malware" class="mw-redirect" title="Cryptojacking malware">Cryptojacking malware</a></li> <li><a href="/wiki/Ransomware" title="Ransomware">Ransomware</a></li> <li><a href="/wiki/Random_number_generation" title="Random number generation">Random number generation</a> <ul><li><a href="/wiki/Cryptographically_secure_pseudorandom_number_generator" title="Cryptographically secure pseudorandom number generator">Cryptographically secure pseudorandom number generator</a> (CSPRNG)</li></ul></li> <li><a href="/wiki/Pseudorandom_noise" title="Pseudorandom noise">Pseudorandom noise</a> (PRN)</li> <li><a href="/wiki/Secure_channel" title="Secure channel">Secure channel</a></li> <li><a href="/wiki/Insecure_channel" class="mw-redirect" title="Insecure channel">Insecure channel</a></li> <li><a href="/wiki/Subliminal_channel" title="Subliminal channel">Subliminal channel</a></li> <li><a href="/wiki/Encryption" title="Encryption">Encryption</a></li> <li><a href="/wiki/Decryption" class="mw-redirect" title="Decryption">Decryption</a></li> <li><a href="/wiki/End-to-end_encryption" title="End-to-end encryption">End-to-end encryption</a></li> <li><a href="/wiki/Harvest_now,_decrypt_later" title="Harvest now, decrypt later">Harvest now, decrypt later</a></li> <li><a href="/wiki/Information-theoretic_security" title="Information-theoretic security">Information-theoretic security</a></li> <li><a href="/wiki/Plaintext" title="Plaintext">Plaintext</a></li> <li><a href="/wiki/Codetext" class="mw-redirect" title="Codetext">Codetext</a></li> <li><a href="/wiki/Ciphertext" title="Ciphertext">Ciphertext</a></li> <li><a href="/wiki/Shared_secret" title="Shared secret">Shared secret</a></li> <li><a href="/wiki/Trapdoor_function" title="Trapdoor function">Trapdoor function</a></li> <li><a href="/wiki/Trusted_timestamping" title="Trusted timestamping">Trusted timestamping</a></li> <li><a href="/wiki/Key-based_routing" title="Key-based routing">Key-based routing</a></li> <li><a href="/wiki/Onion_routing" title="Onion routing">Onion routing</a></li> <li><a href="/wiki/Garlic_routing" title="Garlic routing">Garlic routing</a></li> <li><a href="/wiki/Kademlia" title="Kademlia">Kademlia</a></li> <li><a href="/wiki/Mix_network" title="Mix network">Mix network</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">Mathematics</th><td class="navbox-list-with-group navbox-list navbox-even" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Cryptographic_hash_function" title="Cryptographic hash function">Cryptographic hash function</a></li> <li><a href="/wiki/Block_cipher" title="Block cipher">Block cipher</a></li> <li><a href="/wiki/Stream_cipher" title="Stream cipher">Stream cipher</a></li> <li><a href="/wiki/Symmetric-key_algorithm" title="Symmetric-key algorithm">Symmetric-key algorithm</a></li> <li><a href="/wiki/Authenticated_encryption" title="Authenticated encryption">Authenticated encryption</a></li> <li><a href="/wiki/Public-key_cryptography" title="Public-key cryptography">Public-key cryptography</a></li> <li><a href="/wiki/Quantum_key_distribution" title="Quantum key distribution">Quantum key distribution</a></li> <li><a href="/wiki/Quantum_cryptography" title="Quantum cryptography">Quantum cryptography</a></li> <li><a href="/wiki/Post-quantum_cryptography" title="Post-quantum cryptography">Post-quantum cryptography</a></li> <li><a href="/wiki/Message_authentication_code" title="Message authentication code">Message authentication code</a></li> <li><a href="/wiki/Cryptographically_secure_pseudorandom_number_generator" title="Cryptographically secure pseudorandom number generator">Random numbers</a></li> <li><a href="/wiki/Steganography" title="Steganography">Steganography</a></li></ul> </div></td></tr><tr><td class="navbox-abovebelow" colspan="2"><div> <ul><li><span class="noviewer" typeof="mw:File"><span title="Category"><img alt="" src="//upload.wikimedia.org/wikipedia/en/thumb/9/96/Symbol_category_class.svg/16px-Symbol_category_class.svg.png" decoding="async" width="16" height="16" class="mw-file-element" srcset="//upload.wikimedia.org/wikipedia/en/thumb/9/96/Symbol_category_class.svg/23px-Symbol_category_class.svg.png 1.5x, //upload.wikimedia.org/wikipedia/en/thumb/9/96/Symbol_category_class.svg/31px-Symbol_category_class.svg.png 2x" data-file-width="180" data-file-height="185" /></span></span> <a href="/wiki/Category:Cryptography" title="Category:Cryptography">Category</a></li></ul> </div></td></tr></tbody></table><div></div></td></tr></tbody></table></div> <!-- NewPP limit report Parsed by mw‐web.codfw.main‐f69cdc8f6‐gdkxt Cached time: 20241122140635 Cache expiry: 2592000 Reduced expiry: false Complications: [vary‐revision‐sha1, show‐toc] CPU time usage: 0.824 seconds Real time usage: 1.031 seconds Preprocessor visited node count: 5317/1000000 Post‐expand include size: 215245/2097152 bytes Template argument size: 5399/2097152 bytes Highest expansion depth: 18/100 Expensive parser function count: 8/500 Unstrip recursion depth: 1/20 Unstrip post‐expand size: 246985/5000000 bytes Lua time usage: 0.470/10.000 seconds Lua memory usage: 7491010/52428800 bytes Number of Wikibase entities loaded: 0/400 --> <!-- Transclusion expansion time report (%,ms,calls,template) 100.00% 844.283 1 -total 46.10% 389.214 1 Template:Reflist 17.98% 151.768 44 Template:Cite_web 11.92% 100.674 4 Template:Navbox 10.16% 85.739 1 Template:Cite_thesis 9.73% 82.114 2 Template:Infobox 8.95% 75.576 1 Template:SHA-box 8.06% 68.036 1 Template:Cryptography_navbox 7.43% 62.744 1 Template:Short_description 4.60% 38.858 2 Template:Pagetype --> <!-- Saved in parser cache with key enwiki:pcache:idhash:26672-0!canonical and timestamp 20241122140635 and revision id 1252305876. Rendering was triggered because: page-view --> </div><!--esi <esi:include src="/esitest-fa8a495983347898/content" /> --><noscript><img src="https://login.wikimedia.org/wiki/Special:CentralAutoLogin/start?type=1x1" alt="" width="1" height="1" style="border: none; position: absolute;"></noscript> <div class="printfooter" data-nosnippet="">Retrieved from "<a dir="ltr" href="https://en.wikipedia.org/w/index.php?title=SHA-1&oldid=1252305876">https://en.wikipedia.org/w/index.php?title=SHA-1&oldid=1252305876</a>"</div></div> <div id="catlinks" class="catlinks" data-mw="interface"><div id="mw-normal-catlinks" class="mw-normal-catlinks"><a href="/wiki/Help:Category" title="Help:Category">Categories</a>: <ul><li><a href="/wiki/Category:Cryptographic_hash_functions" title="Category:Cryptographic hash functions">Cryptographic hash functions</a></li><li><a href="/wiki/Category:Broken_hash_functions" title="Category:Broken hash functions">Broken hash functions</a></li><li><a href="/wiki/Category:Checksum_algorithms" title="Category:Checksum algorithms">Checksum algorithms</a></li><li><a href="/wiki/Category:National_Security_Agency_cryptography" title="Category:National Security Agency cryptography">National Security Agency cryptography</a></li></ul></div><div id="mw-hidden-catlinks" class="mw-hidden-catlinks mw-hidden-cats-hidden">Hidden categories: <ul><li><a href="/wiki/Category:Webarchive_template_wayback_links" title="Category:Webarchive template wayback links">Webarchive template wayback links</a></li><li><a href="/wiki/Category:Articles_with_short_description" title="Category:Articles with short description">Articles with short description</a></li><li><a href="/wiki/Category:Short_description_matches_Wikidata" title="Category:Short description matches Wikidata">Short description matches Wikidata</a></li><li><a href="/wiki/Category:Articles_containing_potentially_dated_statements_from_2020" title="Category:Articles containing potentially dated statements from 2020">Articles containing potentially dated statements from 2020</a></li><li><a href="/wiki/Category:All_articles_containing_potentially_dated_statements" title="Category:All articles containing potentially dated statements">All articles containing potentially dated statements</a></li><li><a href="/wiki/Category:All_articles_with_specifically_marked_weasel-worded_phrases" title="Category:All articles with specifically marked weasel-worded phrases">All articles with specifically marked weasel-worded phrases</a></li><li><a href="/wiki/Category:Articles_with_specifically_marked_weasel-worded_phrases_from_September_2015" title="Category:Articles with specifically marked weasel-worded phrases from September 2015">Articles with specifically marked weasel-worded phrases from September 2015</a></li><li><a href="/wiki/Category:Articles_containing_potentially_dated_statements_from_2013" title="Category:Articles containing potentially dated statements from 2013">Articles containing potentially dated statements from 2013</a></li><li><a href="/wiki/Category:All_articles_with_dead_external_links" title="Category:All articles with dead external links">All articles with dead external links</a></li><li><a href="/wiki/Category:Articles_with_dead_external_links_from_April_2018" title="Category:Articles with dead external links from April 2018">Articles with dead external links from April 2018</a></li><li><a href="/wiki/Category:Articles_with_permanently_dead_external_links" title="Category:Articles with permanently dead external links">Articles with permanently dead external links</a></li><li><a href="/wiki/Category:Articles_with_example_pseudocode" title="Category:Articles with example pseudocode">Articles with example pseudocode</a></li></ul></div></div> </div> </main> </div> <div class="mw-footer-container"> <footer id="footer" class="mw-footer" > <ul id="footer-info"> <li id="footer-info-lastmod"> This page was last edited on 20 October 2024, at 19:28<span class="anonymous-show"> (UTC)</span>.</li> <li id="footer-info-copyright">Text is available under the <a href="/wiki/Wikipedia:Text_of_the_Creative_Commons_Attribution-ShareAlike_4.0_International_License" title="Wikipedia:Text of the Creative Commons Attribution-ShareAlike 4.0 International License">Creative Commons Attribution-ShareAlike 4.0 License</a>; additional terms may apply. By using this site, you agree to the <a href="https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Terms_of_Use" class="extiw" title="foundation:Special:MyLanguage/Policy:Terms of Use">Terms of Use</a> and <a href="https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Privacy_policy" class="extiw" title="foundation:Special:MyLanguage/Policy:Privacy policy">Privacy Policy</a>. Wikipedia® is a registered trademark of the <a rel="nofollow" class="external text" href="https://wikimediafoundation.org/">Wikimedia Foundation, Inc.</a>, a non-profit organization.</li> </ul> <ul id="footer-places"> <li id="footer-places-privacy"><a href="https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Privacy_policy">Privacy policy</a></li> <li id="footer-places-about"><a href="/wiki/Wikipedia:About">About Wikipedia</a></li> <li id="footer-places-disclaimers"><a href="/wiki/Wikipedia:General_disclaimer">Disclaimers</a></li> <li id="footer-places-contact"><a href="//en.wikipedia.org/wiki/Wikipedia:Contact_us">Contact Wikipedia</a></li> <li id="footer-places-wm-codeofconduct"><a href="https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Universal_Code_of_Conduct">Code of Conduct</a></li> <li id="footer-places-developers"><a href="https://developer.wikimedia.org">Developers</a></li> <li id="footer-places-statslink"><a href="https://stats.wikimedia.org/#/en.wikipedia.org">Statistics</a></li> <li id="footer-places-cookiestatement"><a href="https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Cookie_statement">Cookie statement</a></li> <li id="footer-places-mobileview"><a href="//en.m.wikipedia.org/w/index.php?title=SHA-1&mobileaction=toggle_view_mobile" class="noprint stopMobileRedirectToggle">Mobile view</a></li> </ul> <ul id="footer-icons" class="noprint"> <li id="footer-copyrightico"><a href="https://wikimediafoundation.org/" class="cdx-button cdx-button--fake-button cdx-button--size-large cdx-button--fake-button--enabled"><img src="/static/images/footer/wikimedia-button.svg" width="84" height="29" alt="Wikimedia Foundation" loading="lazy"></a></li> <li id="footer-poweredbyico"><a href="https://www.mediawiki.org/" class="cdx-button cdx-button--fake-button cdx-button--size-large cdx-button--fake-button--enabled"><img src="/w/resources/assets/poweredby_mediawiki.svg" alt="Powered by MediaWiki" width="88" height="31" loading="lazy"></a></li> </ul> </footer> </div> </div> </div> <div class="vector-settings" id="p-dock-bottom"> <ul></ul> </div><script>(RLQ=window.RLQ||[]).push(function(){mw.config.set({"wgHostname":"mw-web.codfw.main-f69cdc8f6-rmdbt","wgBackendResponseTime":172,"wgPageParseReport":{"limitreport":{"cputime":"0.824","walltime":"1.031","ppvisitednodes":{"value":5317,"limit":1000000},"postexpandincludesize":{"value":215245,"limit":2097152},"templateargumentsize":{"value":5399,"limit":2097152},"expansiondepth":{"value":18,"limit":100},"expensivefunctioncount":{"value":8,"limit":500},"unstrip-depth":{"value":1,"limit":20},"unstrip-size":{"value":246985,"limit":5000000},"entityaccesscount":{"value":0,"limit":400},"timingprofile":["100.00% 844.283 1 -total"," 46.10% 389.214 1 Template:Reflist"," 17.98% 151.768 44 Template:Cite_web"," 11.92% 100.674 4 Template:Navbox"," 10.16% 85.739 1 Template:Cite_thesis"," 9.73% 82.114 2 Template:Infobox"," 8.95% 75.576 1 Template:SHA-box"," 8.06% 68.036 1 Template:Cryptography_navbox"," 7.43% 62.744 1 Template:Short_description"," 4.60% 38.858 2 Template:Pagetype"]},"scribunto":{"limitreport-timeusage":{"value":"0.470","limit":"10.000"},"limitreport-memusage":{"value":7491010,"limit":52428800}},"cachereport":{"origin":"mw-web.codfw.main-f69cdc8f6-gdkxt","timestamp":"20241122140635","ttl":2592000,"transientcontent":false}}});});</script> <script type="application/ld+json">{"@context":"https:\/\/schema.org","@type":"Article","name":"SHA-1","url":"https:\/\/en.wikipedia.org\/wiki\/SHA-1","sameAs":"http:\/\/www.wikidata.org\/entity\/Q13414952","mainEntity":"http:\/\/www.wikidata.org\/entity\/Q13414952","author":{"@type":"Organization","name":"Contributors to Wikimedia projects"},"publisher":{"@type":"Organization","name":"Wikimedia Foundation, Inc.","logo":{"@type":"ImageObject","url":"https:\/\/www.wikimedia.org\/static\/images\/wmf-hor-googpub.png"}},"datePublished":"2001-09-21T18:31:56Z","dateModified":"2024-10-20T19:28:24Z","headline":"cryptographic hash function"}</script> </body> </html>