Jump to content
Main menu
Main menu
move to sidebar
hide
Navigation
Main page
Recent changes
Random page
Help about MediaWiki
Special pages
Niidae Wiki
Search
Search
Appearance
Create account
Log in
Personal tools
Create account
Log in
Pages for logged out editors
learn more
Contributions
Talk
Editing
SHA-1
(section)
Page
Discussion
English
Read
Edit
View history
Tools
Tools
move to sidebar
hide
Actions
Read
Edit
View history
General
What links here
Related changes
Page information
Appearance
move to sidebar
hide
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
===SHA-1 pseudocode=== [[Pseudocode]] for the SHA-1 algorithm follows: <span style="color: green;">''Note 1: All variables are unsigned 32-bit quantities and wrap modulo 2<sup>32</sup> when calculating, except for''</span> <span style="color: green;">''ml, the message length, which is a 64-bit quantity, and''</span> <span style="color: green;">''hh, the message digest, which is a 160-bit quantity.''</span> <span style="color: green;">''Note 2: All constants in this pseudo code are in [[endianness|big endian]].''</span> <span style="color: green;">''Within each word, the most significant byte is stored in the leftmost byte position''</span> <span style="color: green;">''Initialize variables:''</span> h0 = 0x67452301 h1 = 0xEFCDAB89 h2 = 0x98BADCFE h3 = 0x10325476 h4 = 0xC3D2E1F0 ml = message length in bits (always a multiple of the number of bits in a character). <span style="color: green;">''Pre-processing:''</span> append the bit '1' to the message e.g. by adding 0x80 if message length is a multiple of 8 bits. append 0 β€ k < 512 bits '0', such that the resulting message length in ''bits'' is [[modular arithmetic|congruent]] to β64 β‘ 448 (mod 512) append ml, the original message length in bits, as a 64-bit [[Endianness|big-endian]] integer. Thus, the total length is a multiple of 512 bits. <span style="color: green;">''Process the message in successive 512-bit chunks:''</span> break message into 512-bit chunks '''for''' each chunk break chunk into sixteen 32-bit big-endian words w[i], 0 β€ i β€ 15 <span style="color: green;">''Message schedule: extend the sixteen 32-bit words into eighty 32-bit words:''</span> '''for''' i '''from''' 16 to 79 <span style="color: green;">''Note 3: SHA-0 differs by not having this leftrotate.''</span> w[i] = (w[i-3] '''xor''' w[i-8] '''xor''' w[i-14] '''xor''' w[i-16]) '''[[Circular shift|leftrotate]]''' 1 <span style="color: green;">''Initialize hash value for this chunk:''</span> a = h0 b = h1 c = h2 d = h3 e = h4 <span style="color: green;">''Main loop:''</span><ref name=":0" /><ref>{{Cite web|url=http://www.faqs.org/rfcs/rfc3174.html|title=RFC 3174 - US Secure Hash Algorithm 1 (SHA1) (RFC3174)|website=www.faqs.org}}</ref> '''for''' i '''from''' 0 '''to''' 79 '''if''' 0 β€ i β€ 19 '''then''' f = (b '''and''' c) '''or''' (('''not''' b) '''and''' d) k = 0x5A827999 '''else if''' 20 β€ i β€ 39 f = b '''xor''' c '''xor''' d k = 0x6ED9EBA1 '''else if''' 40 β€ i β€ 59 f = (b '''and''' c) '''xor''' (b '''and''' d) '''xor''' (c '''and''' d) k = 0x8F1BBCDC '''else if''' 60 β€ i β€ 79 f = b '''xor''' c '''xor''' d k = 0xCA62C1D6 temp = (a '''leftrotate''' 5) + f + e + k + w[i] e = d d = c c = b '''leftrotate''' 30 b = a a = temp <span style="color: green;">''Add this chunk's hash to result so far:''</span> h0 = h0 + a h1 = h1 + b h2 = h2 + c h3 = h3 + d h4 = h4 + e <span style="color:green;">''Produce the final hash value (big-endian) as a 160-bit number:''</span> hh = (h0 '''leftshift''' 128) '''or''' (h1 '''leftshift''' 96) '''or''' (h2 '''leftshift''' 64) '''or''' (h3 '''leftshift''' 32) '''or''' h4 The number <code>hh</code> is the message digest, which can be written in hexadecimal (base 16). The chosen constant values used in the algorithm were assumed to be [[nothing up my sleeve number]]s: * The four round constants <code>k</code> are 2<sup>30</sup> times the square roots of 2, 3, 5 and 10. However they were incorrectly rounded to the nearest integer instead of being rounded to the nearest odd integer, with equilibrated proportions of zero and one bits. As well, choosing the square root of 10 (which is not a prime) made it a common factor for the two other chosen square roots of primes 2 and 5, with possibly usable arithmetic properties across successive rounds, reducing the strength of the algorithm against finding collisions on some bits. * The first four starting values for <code>h0</code> through <code>h3</code> are the same with the MD5 algorithm, and the fifth (for <code>h4</code>) is similar. However they were not properly verified for being resistant against inversion of the few first rounds to infer possible collisions on some bits, usable by multiblock differential attacks. Instead of the formulation from the original FIPS PUB 180-1 shown, the following equivalent expressions may be used to compute <code>f</code> in the main loop above: <span style="color: green;">''Bitwise choice between ''c'' and ''d'', controlled by ''b''.''</span> (0 β€ i β€ 19): f = d '''xor''' (b '''and''' (c '''xor''' d)) <span style="color: green;">''(alternative 1)''</span> (0 β€ i β€ 19): f = (b '''and''' c) '''or''' (('''not''' b) '''and''' d) <span style="color: green;">''(alternative 2)''</span> (0 β€ i β€ 19): f = (b '''and''' c) '''xor''' (('''not''' b) '''and''' d) <span style="color: green;">''(alternative 3)''</span> (0 β€ i β€ 19): f = vec_sel(d, c, b) <span style="color: green;">''(alternative 4)''</span> [premo08] <span style="color: green;">''Bitwise majority function.''</span> (40 β€ i β€ 59): f = (b '''and''' c) '''or''' (d '''and''' (b '''or''' c)) <span style="color: green;">''(alternative 1)''</span> (40 β€ i β€ 59): f = (b '''and''' c) '''or''' (d '''and''' (b '''xor''' c)) <span style="color: green;">''(alternative 2)''</span> (40 β€ i β€ 59): f = (b '''and''' c) '''xor''' (d '''and''' (b '''xor''' c)) <span style="color: green;">''(alternative 3)''</span> (40 β€ i β€ 59): f = (b '''and''' c) '''xor''' (b '''and''' d) '''xor''' (c '''and''' d) <span style="color: green;">''(alternative 4)''</span> (40 β€ i β€ 59): f = vec_sel(c, b, c '''xor''' d) <span style="color: green;">''(alternative 5)''</span> It was also shown<ref>{{Citation |first1=Max |last1=Locktyukhin |url=https://www.intel.com/content/www/us/en/developer/articles/technical/improving-the-performance-of-the-secure-hash-algorithm-1.html |title=Improving the Performance of the Secure Hash Algorithm (SHA-1) |journal=Intel Software Knowledge Base |date=2010-03-31 |access-date=2010-04-02}}</ref> that for the rounds 32β79 the computation of: w[i] = (w[i-3] '''xor''' w[i-8] '''xor''' w[i-14] '''xor''' w[i-16]) '''[[Circular shift|leftrotate]]''' 1 can be replaced with: w[i] = (w[i-6] '''xor''' w[i-16] '''xor''' w[i-28] '''xor''' w[i-32]) '''[[Circular shift|leftrotate]]''' 2 This transformation keeps all operands 64-bit aligned and, by removing the dependency of <code>w[i]</code> on <code>w[i-3]</code>, allows efficient SIMD implementation with a vector length of 4 like [[x86]] [[Streaming SIMD Extensions|SSE]] instructions.
Summary:
Please note that all contributions to Niidae Wiki may be edited, altered, or removed by other contributors. If you do not want your writing to be edited mercilessly, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource (see
Encyclopedia:Copyrights
for details).
Do not submit copyrighted work without permission!
Cancel
Editing help
(opens in new window)
Search
Search
Editing
SHA-1
(section)
Add topic
