SHA-2


SHA-2 (Secure Hash Algorithm 2) is a set of cryptographic hash functions designed by the United States National Security Agency (NSA) and first published in 2001.[1][2] They are built using the Merkle–Damgård construction, from a one-way compression function itself built using the Davies–Meyer structure from a specialized block cipher.

SHA-2 includes significant changes from its predecessor, SHA-1. The SHA-2 family consists of six hash functions with digests (hash values) that are 224, 256, 384 or 512 bits:[3]

SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256. SHA-256 and SHA-512 are novel hash functions whose digests are eight 32-bit and 64-bit words, respectively. They use different shift amounts and additive constants, but their structures are otherwise virtually identical, differing only in the number of rounds. SHA-224 and SHA-384 are truncated versions of SHA-256 and SHA-512 respectively, computed with different initial values. SHA-512/224 and SHA-512/256 are also truncated versions of SHA-512, but the initial values are generated using the method described in Federal Information Processing Standards (FIPS) PUB 180-4.

SHA-2 was first published by the National Institute of Standards and Technology (NIST) as a U.S. federal standard. The SHA-2 family of algorithms is patented in the U.S.[4] The United States has released the patent under a royalty-free license.[3]

As of 2011, the best public attacks break preimage resistance for 52 out of 64 rounds of SHA-256 or 57 out of 80 rounds of SHA-512, and collision resistance for 46 out of 64 rounds of SHA-256.[5][6]

  1. Penard, Wouter; van Werkhoven, Tim. "On the Secure Hash Algorithm family" (PDF). staff.science.uu.nl. Archived from the original (PDF) on 2016-03-30.
  2. Cite error: The named reference :0 was invoked but never defined.
  3. "IPR Details: The United States of America as represented by the National Security Agency's general license statement". IETF Datatracker. 858. Archived from the original on 2016-06-16. Retrieved 2008-02-17.
  4. US 6829355, Lilly, Glenn M., "Device for and method of one-way cryptographic hashing", published 2004-12-07, assigned to National Security Agency.
  5. Cite error: The named reference preimage-khov was invoked but never defined.
  6. Cite error: The named reference collision-lamberger was invoked but never defined.
