Federal Information
Processing Standards Publication 180-2
2002 August 1
Announcing the
SECURE HASH STANDARD
Federal Information Processing Standards Publications (FIPS PUBS) are issued by the National
Institute of Standards and Technology (NIST) after approval by the Secretary of Commerce
pursuant to Section 5131 of the Information Technology Management Reform Act of 1996
(Public Law 104-106), and the Computer Security Act of 1987 (Public Law 100-235).
1. Name of Standard: Secure Hash Signature Standard (SHS) (FIPS PUB 180-2).
2. Category of Standard: Computer Security Standard, Cryptography.
3. Explanation: This Standard specifies four secure hash algorithms - SHA-1, SHA-256,
SHA-384, and SHA-512 - for computing a condensed representation of electronic data
(message). When a message of any length < 2
64
bits (for SHA-1 and SHA-256) or < 2
128
bits (for
SHA-384 and SHA-512) is input to an algorithm, the result is an output called a message digest.
The message digests range in length from 160 to 512 bits, depending on the algorithm. Secure
hash algorithms are typically used with other cryptographic algorithms, such as digital signature
algorithms and keyed-hash message authentication codes, or in the generation of random
numbers (bits).
The four hash algorithms specified in this standard are called secure because, for a given
algorithm, it is computationally infeasible 1) to find a message that corresponds to a given
message digest, or 2) to find two different messages that produce the same message digest. Any
change to a message will, with a very high probability, result in a different message digest. This
will result in a verification failure when the secure hash algorithm is used with a digital signature
algorithm or a keyed-hash message authentication algorithm.
This standard supersedes FIPS 180-1, adding three algorithms that are capable of producing
larger message digests. The SHA-1 algorithm specified herein is the same algorithm that was
specified previously in FIPS 180-1, although some of the notation has been modified to be
consistent with the notation used in the SHA-256, SHA-384, and SHA-512 algorithms.
4. Approving Authority: Secretary of Commerce.
5. Maintenance Agency: U.S. Department of Commerce, National Institute of Standards and
Technology (NIST), Information Technology Laboratory (ITL).
Downloaded from http://www.everyspec.com
