datatracker.ietf.org
Sign in
Version 5.13.0, 2015-03-25
Report a bug

US Secure Hash Algorithm 1 (SHA1)
RFC 3174

Document type: RFC - Informational (September 2001; Errata)
Updated by RFC 6234, RFC 4634
Was draft-eastlake-sha1 (individual)
Document stream: ISE
Last updated: 2013-03-02
Other versions: plain text, pdf, html

ISE State: (None)
Document shepherd: No shepherd assigned

IESG State: RFC 3174 (Informational)
Responsible AD: (None)
Send notices to: No addresses provided

Network Working Group                                   D. Eastlake, 3rd
Request for Comments: 3174                                      Motorola
Category: Informational                                         P. Jones
                                                           Cisco Systems
                                                          September 2001

                   US Secure Hash Algorithm 1 (SHA1)

Status of this Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2001).  All Rights Reserved.

Abstract

   The purpose of this document is to make the SHA-1 (Secure Hash
   Algorithm 1) hash algorithm conveniently available to the Internet
   community.  The United States of America has adopted the SHA-1 hash
   algorithm described herein as a Federal Information Processing
   Standard.  Most of the text herein was taken by the authors from FIPS
   180-1.  Only the C code implementation is "original".

Acknowledgements

   Most of the text herein was taken from [FIPS 180-1].  Only the C code
   implementation is "original" but its style is similar to the
   previously published MD4 and MD5 RFCs [RFCs 1320, 1321].

   The SHA-1 is based on principles similar to those used by Professor
   Ronald L. Rivest of MIT when designing the MD4 message digest
   algorithm [MD4] and is modeled after that algorithm [RFC 1320].

   Useful comments from the following, which have been incorporated
   herein, are gratefully acknowledged:

      Tony Hansen
      Garrett Wollman

Eastlake & Jones             Informational                      [Page 1]
RFC 3174           US Secure Hash Algorithm 1 (SHA1)      September 2001

Table of Contents

   1. Overview of Contents...........................................  2
   2. Definitions of Bit Strings and Integers........................  3
   3. Operations on Words............................................  3
   4. Message Padding................................................  4
   5. Functions and Constants Used...................................  6
   6. Computing the Message Digest...................................  6
   6.1 Method 1......................................................  6
   6.2 Method 2......................................................  7
   7. C Code.........................................................  8
   7.1 .h file.......................................................  8
   7.2 .c file....................................................... 10
   7.3 Test Driver................................................... 18
   8. Security Considerations........................................ 20
   References........................................................ 21
   Authors' Addresses................................................ 21
   Full Copyright Statement.......................................... 22

1. Overview of Contents

   NOTE: The text below is mostly taken from [FIPS 180-1] and assertions
   therein of the security of SHA-1 are made by the US Government, the
   author of [FIPS 180-1], and not by the authors of this document.

   This document specifies a Secure Hash Algorithm, SHA-1, for computing
   a condensed representation of a message or a data file.  When a
   message of any length < 2^64 bits is input, the SHA-1 produces a
   160-bit output called a message digest.  The message digest can then,
   for example, be input to a signature algorithm which generates or
   verifies the signature for the message.  Signing the message digest
   rather than the message often improves the efficiency of the process
   because the message digest is usually much smaller in size than the
   message.  The same hash algorithm must be used by the verifier of a
   digital signature as was used by the creator of the digital
   signature.  Any change to the message in transit will, with very high
   probability, result in a different message digest, and the signature
   will fail to verify.

   The SHA-1 is called secure because it is computationally infeasible
   to find a message which corresponds to a given message digest, or to
   find two different messages which produce the same message digest.
   Any change to a message in transit will, with very high probability,
   result in a different message digest, and the signature will fail to
   verify.

Eastlake & Jones             Informational                      [Page 2]
RFC 3174           US Secure Hash Algorithm 1 (SHA1)      September 2001

   Section 2 below defines the terminology and functions used as
   building blocks to form SHA-1.

[include full document text]