Menu
Home
People
Places
Arts
History
Plants & Animals
Science
Life & Culture
Technology
Reference.org
Secure Hash Algorithms
open-in-new
<h2 id="comparison-of-sha-functions">Comparison of SHA functions</h2> <p>In the table below, <i>internal state</i> means the "internal hash sum" after each compression of a data block. </p> <p class="note">Further information: <a href="/facts/Merkle%25E2%2580%2593Damg%25C3%25A5rd_construction/nEuAJBAs">Merkle–Damgård construction</a></p> Comparison of SHA functions <ul><li>view</li><li>talk</li><li>edit</li></ul><table><tbody><tr><th colspan="2" rowspan="2">Algorithm and variant</th><th rowspan="2">Output size(bits)</th><th rowspan="2">Internal state size (bits)</th><th rowspan="2">Block size(bits)</th><th rowspan="2">Rounds</th><th rowspan="2">Operations</th><th rowspan="2">Security against <a href="/facts/Collision_attack/6aXFAMbW">collision attacks</a> (bits)</th><th rowspan="2">Security against <a href="/facts/Length_extension_attack/PvQtI1TD">length extension attacks</a> (bits)</th><th colspan="2">Performance on <a href="/facts/Skylake_(microarchitecture)/qpcDcebM">Skylake</a> (median <a href="/facts/Cycles_per_byte/Dc39822I">cpb</a>)<a class="footnote-ref" id="fnref:1" href="#fn:1"><sup>1</sup></a></th><th rowspan="2">First published</th></tr><tr><th>Long messages</th><th>8 bytes</th></tr><tr><td colspan="2"><a href="/facts/MD5/8WIXb9Dq">MD5</a> (as reference)</td><td>128</td><td>128(4 × 32)</td><td>512</td><td>4 (16 operations in each round)</td><td>And, Xor, Or, Rot, Add (mod 232)</td><td>≤ 18(collisions found)<a class="footnote-ref" id="fnref:2" href="#fn:2"><sup>2</sup></a></td><td>0</td><td>4.99</td><td>55.00</td><td>1992</td></tr><tr><td colspan="2"><a href="/facts/SHA-0/LDYCV1je">SHA-0</a></td><td rowspan="2">160</td><td rowspan="2">160(5 × 32)</td><td rowspan="2">512</td><td rowspan="2">80</td><td rowspan="2">And, Xor, Or, Rot, Add (mod 232)</td><td>< 34(collisions found)</td><td rowspan="2">0</td><td>≈ SHA-1</td><td>≈ SHA-1</td><td>1993</td></tr><tr><td colspan="2"><a href="/facts/SHA-1/LDYCV1je">SHA-1</a></td><td>< 63(collisions found)<a class="footnote-ref" id="fnref:3" href="#fn:3"><sup>3</sup></a></td><td>3.47</td><td>52.00</td><td>1995</td></tr><tr><td rowspan="4"><a href="/facts/SHA-2/P59oPeGq">SHA-2</a></td><td><i>SHA-224</i><i>SHA-256</i></td><td>224256</td><td>256(8 × 32)</td><td>512</td><td>64</td><td>And, Xor, Or, Rot, Shr, Add (mod 232)</td><td>112 128</td><td>32 0</td><td>7.627.63</td><td>84.5085.25</td><td>20042001</td></tr><tr><td><i>SHA-384</i></td><td>384</td><td rowspan="3">512(8 × 64)</td><td rowspan="3">1024</td><td rowspan="3">80</td><td rowspan="3">And, Xor, Or, Rot, Shr, Add (mod 264)</td><td>192</td><td>128</td><td>5.12</td><td>135.75</td><td>2001</td></tr><tr><td><i>SHA-512</i></td><td>512</td><td>256</td><td>0<a class="footnote-ref" id="fnref:4" href="#fn:4"><sup>4</sup></a></td><td>5.06</td><td>135.50</td><td>2001</td></tr><tr><td><i>SHA-512/224</i><i>SHA-512/256</i></td><td>224256</td><td>112128</td><td>288256</td><td>≈ SHA-384</td><td>≈ SHA-384</td><td>2012</td></tr><tr><td rowspan="2"><a href="/facts/SHA-3/bA3BCp7K">SHA-3</a></td><td><i>SHA3-224</i><i>SHA3-256</i><i>SHA3-384</i><i>SHA3-512</i></td><td>224256384512</td><td rowspan="2">1600(5 × 5 × 64)</td><td>11521088832576</td><td rowspan="2">24<a class="footnote-ref" id="fnref:5" href="#fn:5"><sup>5</sup></a></td><td rowspan="2">And, Xor, Rot, Not</td><td>112128192256</td><td>4485127681024</td><td>8.128.5911.0615.88</td><td>154.25155.50164.00164.00</td><td rowspan="2">2015</td></tr><tr><td><i>SHAKE128</i><i>SHAKE256</i></td><td><i>d</i> (arbitrary)<i>d</i> (arbitrary)</td><td>13441088</td><td>min(<i>d</i>/2, 128)min(<i>d</i>/2, 256)</td><td>256512</td><td>7.088.59</td><td>155.25155.50</td></tr></tbody></table> <h2 id="validation">Validation</h2> <p class="note">Main article: <a href="/facts/Cryptographic_Module_Validation_Program/gH8M6R8a">Cryptographic Module Validation Program</a></p> <p>All SHA-family algorithms, as FIPS-approved security functions, are subject to official validation by the <a href="/facts/Cryptographic_Module_Validation_Program/gH8M6R8a">CMVP</a> (Cryptographic Module Validation Program), a joint program run by the American <a href="/facts/National_Institute_of_Standards_and_Technology/gr9Fnh85">National Institute of Standards and Technology</a> (NIST) and the Canadian <a href="/facts/Communications_Security_Establishment/qBXhwSUN">Communications Security Establishment</a> (CSE). </p> <h2 id="references">References</h2> <ol> <li id="fn:1"><p>"Measurements table". bench.cr.yp.to. <a href="http://bench.cr.yp.to/results-hash.html#amd64-skylake" target="_blank">http://bench.cr.yp.to/results-hash.html#amd64-skylake</a> <a href="#fnref:1" class="footnote-back-ref">↩</a></p></li> <li id="fn:2"><p>Tao, Xie; Liu, Fanbao; Feng, Dengguo (2013). Fast Collision Attack on MD5 (PDF). Cryptology ePrint Archive (Technical report). IACR. <a href="https://eprint.iacr.org/2013/170.pdf" target="_blank">https://eprint.iacr.org/2013/170.pdf</a> <a href="#fnref:2" class="footnote-back-ref">↩</a></p></li> <li id="fn:3"><p>Stevens, Marc; Bursztein, Elie; Karpman, Pierre; Albertini, Ange; Markov, Yarik. The first collision for full SHA-1 (PDF) (Technical report). Google Research. Marc Stevens; Elie Bursztein; Pierre Karpman; Ange Albertini; Yarik Markov; Alex Petit Bianco; Clement Baisse (February 23, 2017). "Announcing the first SHA1 collision". Google Security Blog. <a href="/wiki/Marc_Stevens_(cryptology)" target="_blank">/wiki/Marc_Stevens_(cryptology)</a> <a href="#fnref:3" class="footnote-back-ref">↩</a></p></li> <li id="fn:4"><p>Without truncation, the full internal state of the hash function is known, regardless of collision resistance. If the output is truncated, the removed part of the state must be searched for and found before the hash function can be resumed, allowing the attack to proceed. <a href="#fnref:4" class="footnote-back-ref">↩</a></p></li> <li id="fn:5"><p>"The Keccak sponge function family". Retrieved 2016-01-27. <a href="http://keccak.noekeon.org/specs_summary.html" target="_blank">http://keccak.noekeon.org/specs_summary.html</a> <a href="#fnref:5" class="footnote-back-ref">↩</a></p></li> </ol>