|
SHA-2 (Secure Hash Algorithm 2) is a set of cryptographic hash functions designed by the NSA. SHA stands for Secure Hash Algorithm. Cryptographic hash functions are mathematical operations run on digital data; by comparing the computed "hash" (the output from execution of the algorithm) to a known and expected hash value, a person can determine the data's integrity. For example, computing the hash of a downloaded file and comparing the result to a previously published hash result can show whether the download has been modified or tampered with.〔(【引用サイトリンク】title=Cryptographic Hash Function )〕 A key aspect of cryptographic hash functions is their collision resistance: nobody should be able to find two different input values that result in the same hash output. SHA-2 includes significant changes from its predecessor, SHA-1. The SHA-2 family consists of six hash functions with digests (hash values) that are 224, 256, 384 or 512 bits: SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256. SHA-256 and SHA-512 are novel hash functions computed with 32-bit and 64-bit words, respectively. They use different shift amounts and additive constants, but their structures are otherwise virtually identical, differing only in the number of rounds. SHA-224 and SHA-384 are simply truncated versions of the first two, computed with different initial values. SHA-512/224 and SHA-512/256 are also truncated versions of SHA-512, but the initial values are generated using the method described in FIPS PUB 180-4. SHA-2 was published in 2001 by the NIST as a U.S. federal standard (FIPS). The SHA-2 family of algorithms are patented in . The United States has released the patent under a royalty-free license. In 2005, an algorithm emerged for finding SHA-1 collisions in about 2000-times fewer steps than was previously thought possible. Although (as of 2015) no example of a SHA-1 collision has been published yet, the security margin left by SHA-1 is weaker than intended, and its use is therefore no longer recommended for applications that depend on collision resistance, such as digital signatures. Although SHA-2 bears some similarity to the SHA-1 algorithm, these attacks have not been successfully extended to SHA-2. Currently, the best public attacks break preimage resistance 52 rounds of SHA-256 or 57 rounds of SHA-512, and collision resistance for 46 rounds of SHA-256, as shown in the '' Cryptanalysis and validation'' section below.〔〔 ==Hash standard== With the publication of FIPS PUB 180-2, NIST added three additional hash functions in the SHA family. The algorithms are collectively known as SHA-2, named after their digest lengths (in bits): SHA-256, SHA-384, and SHA-512. The algorithms were first published in 2001 in the draft FIPS PUB 180-2, at which time public review and comments were accepted. In August 2002, FIPS PUB 180-2 became the new Secure Hash Standard, replacing FIPS PUB 180-1, which was released in April 1995. The updated standard included the original SHA-1 algorithm, with updated technical notation consistent with that describing the inner workings of the SHA-2 family.〔Federal Register Notice 02-21599, (Announcing Approval of FIPS Publication 180-2 )〕 In February 2004, a change notice was published for FIPS PUB 180-2, specifying an additional variant, SHA-224, defined to match the key length of two-key Triple DES.〔(FIPS 180-2 with Change Notice 1 )〕 In October 2008, the standard was updated in FIPS PUB 180-3, including SHA-224 from the change notice, but otherwise making no fundamental changes to the standard. The primary motivation for updating the standard was relocating security information about the hash algorithms and recommendations for their use to Special Publications 800-107 and 800-57.〔Federal Register Notice E8-24743, (Announcing Approval of FIPS Publication 180-3 )〕〔FIPS SP 800-107 (Recommendation for Applications Using Approved Hash Algorithms )〕〔FIPS SP 800-57 (Recommendation for Key Management: Part 1: General )〕 Detailed test data and example message digests were also removed from the standard, and provided as separate documents.〔NIST Algorithm Examples, (Secure Hashing )〕 In January 2011, NIST published SP800-131A, which specified a move from the current minimum security of 80-bits (provided by SHA-1) allowable for federal government use until the end of 2013, with 112-bit security (provided by SHA-2) being the minimum requirement current thereafter, and the recommended security level from the publication date.〔FIPS SP 800-131A (Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths )〕 In March 2012, the standard was updated in FIPS PUB 180-4, adding the hash functions SHA-512/224 and SHA-512/256, and describing a method for generating initial values for truncated versions of SHA-512. Additionally, a restriction on padding the input data prior to hash calculation was removed, allowing hash data to be calculated simultaneously with content generation, such as a real-time video or audio feed. Padding the final data block must still occur prior to hash output.〔Federal Register Notice 2012-5400, (Announcing Approval of FIPS Publication 180-4 )〕 In July 2012, NIST revised SP800-57, which provides guidance for cryptographic key management. The publication disallows creation of digital signatures with a hash security lower than 112-bits after 2013. The previous revision from 2007 specified the cutoff to be the end of 2010.〔 In August 2012, NIST revised SP800-107 in the same manner.〔 The NIST hash function competition selected a new hash function, SHA-3, in 2012.〔(【引用サイトリンク】title=NIST Selects Winner of Secure Hash Algorithm (SHA-3) Competition )〕 The SHA-3 algorithm is not derived from SHA-2. 抄文引用元・出典: フリー百科事典『 ウィキペディア(Wikipedia)』 ■ウィキペディアで「SHA-2」の詳細全文を読む スポンサード リンク
|