Page 433 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

The Secure Hash Algorithm (SHA) and its successors, SHA-1, SHA-2,
               and SHA-3, are government standard hash functions promoted by the
               National Institute of Standards and Technology (NIST) and are
               specified in an official government publication—the Secure Hash
               Standard (SHS), also known as Federal Information Processing
               Standard (FIPS) 180.

               SHA-1 takes an input of virtually any length (in reality, there is an
               upper bound of approximately 2,097,152 terabytes on the algorithm)
               and produces a 160-bit message digest. The SHA-1 algorithm
               processes a message in 512-bit blocks. Therefore, if the message length
               is not a multiple of 512, the SHA algorithm pads the message with
               additional data until the length reaches the next highest multiple of
               512.

               Cryptanalytic attacks demonstrated that there are weaknesses in the
               SHA-1 algorithm. This led to the creation of SHA-2, which has four
               variants:

                    SHA-256 produces a 256-bit message digest using a 512-bit block
                    size.

                    SHA-224 uses a truncated version of the SHA-256 hash to produce
                    a 224-bit message digest using a 512-bit block size.

                    SHA-512 produces a 512-bit message digest using a 1,024-bit block
                    size.

                    SHA-384 uses a truncated version of the SHA-512 hash to produce
                    a 384-bit digest using a 1,024-bit block size.

                  Although it might seem trivial, you should take the time to
                  memorize the size of the message digests produced by each one of
                  the hash algorithms described in this chapter.



               The cryptographic community generally considers the SHA-2
               algorithms secure, but they theoretically suffer from the same
               weakness as the SHA-1 algorithm. In 2015, the federal government