What is SHA? What is SHA used for?

SHA stands for secure hashing algorithm. Secure Hash Algorithm (SHA) was developed in 1993 by the National Institute of Standards and Technology (NIST) and National Security Agency (NSA). SHA is a modified version of MD5 and used for hashing data and certificates. Hashing is similar to encryption, the only difference between hashing and encryption is that hashing is one-way, meaning once the data is hashed, the resulting hash digest cannot be cracked.

SHA works in such a way even if a single character of the message changed, then it will generate a different hash. This is referred to as the avalanche effect. This effect is important in cryptography, as it means even the slightest change in the input message completely changes the output. This will stop attackers from being able to understand what the hash digest originally said and telling the receiver of the message whether or not the message has been changed while in transit.

One of the most important parts of SHAs are that they are deterministic. This means that as long as the hash function used is known, any computer or user can recreate the hash digest. 

 

Different SHA Forms:

 

When learning about SHA forms, several different types of SHA are referenced. Examples of SHA names used are SHA-1, SHA-2, SHA-256, SHA-512, SHA-224, and SHA-384, but in actuality there are only two types: SHA-1 and SHA-2. The other larger numbers, like SHA-256, are just versions of SHA-2 that note the bit lengths of the SHA-2. SHA-1 was the original secure hashing algorithm, returning a 160-bit hash digest after hashing. SHA-1 is the first iteration of the algorithm, followed by SHA-2, which is seen as an improved and updated version of the first.

Can SHA-2 be cracked like SHA-1? The answer is yes. Due to the short length of the hash digest, SHA-1 is more easily brute forced than SHA-2, but SHA-2 can still be brute forced. Another issue of SHA-1 is that it can give the same hash digest to two different values, as the number of combinations that can be created with 160 bits is so small. SHA-2 on the other hand gives every digest a unique value, which is why all certificates are required to use SHA-2.

SHA-2 can produce a variety of bit-lengths, from 256 to 512 bit, allowing it to assign completely unique values to every hash digest created. Collisions occur when two values have the same hash digest. SHA-1 can easily create collisions, making it easier for attackers to get two matching digests and recreate the original plaintext Compared to SHA-1, SHA-2 is much more secure and has been required in all digital signatures and certificates since 2016. Common attacks like brute force attacks can take years or even decades to crack the hash digest, so SHA-2 is considered the most secure hash algorithm.

What are the different versions of SHA?

SHAs come in three forms: SHA-1, SHA-2, and SHA-256. SHA-1 is the first iteration of the algorithm, followed by SHA-2, which is seen as an improved and updated version of the first. SHA-256 is another name for SHA-2 and comes with a ton of bit-length variables stemming from the SHA-2 algorithm.

 

What SHA is used for and Why ?

Secure Hashing Algorithms are required in all digital signatures and certificates relating to SSL/TLS connections, but there are more uses to SHAs as well. Applications such as SSH, S-MIME (Secure / Multipurpose Internet Mail Extensions), and IPSec utilize SHAs as well.  SHAs are also used to hash passwords so that the server only needs to remember hashes rather than passwords. In this way, if an attacker steals the database containing all the hashes, they would not have direct access to all of the plaintext passwords, they would also need to find a way to crack the hashes to be able to use the passwords. SHAs can also work as indicators of a file’s integrity. If a file has been changed in transit, the resulting hash digest created from the hash function will not match the hash digest originally created and sent by the file’s owner.

A common reason to use a Secure Hashing Algorithm is their ability to stop attackers. Though some methods, like brute force attacks, can reveal the plaintext of the hash digests, these tactics are made extremely difficult by SHAs. A password hashed by a SHA-2 can take years, even decades to break, thus wasting resources and time on a simple password, which may turn many attackers away. Another reason to use SHAs is the uniqueness of all the hash digests. If SHA-2 is used, there will likely be few to no collisions, meaning a simple change of one word in a message would completely change the hash digest. Since there are few or no collisions, a pattern cannot be found to make breaking the Secure Hashing Algorithm easier for the attacker. These are just a few reasons why SHA is used so often.