Secure Hash Algorithm
From Infogalactic: the planetary knowledge core
The Secure Hash Algorithm is a family of cryptographic hash functions published by the National Institute of Standards and Technology (NIST) as a U.S. Federal Information Processing Standard (FIPS), including:
 SHA0: A retronym applied to the original version of the 160bit hash function published in 1993 under the name "SHA". It was withdrawn shortly after publication due to an undisclosed "significant flaw" and replaced by the slightly revised version SHA1.
 SHA1: A 160bit hash function which resembles the earlier MD5 algorithm. This was designed by the National Security Agency (NSA) to be part of the Digital Signature Algorithm. Cryptographic weaknesses were discovered in SHA1, and the standard was no longer approved for most cryptographic uses after 2010.
 SHA2: A family of two similar hash functions, with different block sizes, known as SHA256 and SHA512. They differ in the word size; SHA256 uses 32bit words where SHA512 uses 64bit words. There are also truncated versions of each standard, known as SHA224, SHA384, SHA512/224 and SHA512/256. These were also designed by the NSA.
 SHA3: A hash function formerly called Keccak, chosen in 2012 after a public competition among nonNSA designers. It supports the same hash lengths as SHA2, and its internal structure differs significantly from the rest of the SHA family.
The corresponding standards are FIPS PUB 180 (original SHA), FIPS PUB 1801 (SHA1), FIPS PUB 1802 (SHA1, SHA256, SHA384, and SHA512). NIST has updated Draft FIPS Publication 202, SHA3 Standard separate from the Secure Hash Standard (SHS).
Comparison of SHA functions
In the table below, internal state means the "internal hash sum" after each compression of a data block.
Algorithm and variant  Output size (bits) 
Internal state size (bits) 
Block size (bits) 
Max message size (bits) 
Rounds  Operations  Security (bits) 
Example performance^{[2]} (MiB/s) 


MD5 (as reference)  128  128 (4 × 32) 
512  Unlimited^{[3]}  64  And, Xor, Rot, Add (mod 2^{32}), Or  <64 (collisions found) 
335  
SHA0  160  160 (5 × 32) 
512  2^{64} − 1  80  And, Xor, Rot, Add (mod 2^{32}), Or  <80 (collisions found) 
  
SHA1  160  160 (5 × 32) 
512  2^{64} − 1  80  <80 (theoretical attack^{[4]}) 
192  
SHA2  SHA224 SHA256 
224 256 
256 (8 × 32) 
512  2^{64} − 1  64  And, Xor, Rot, Add (mod 2^{32}), Or, Shr  112 128 
139 
SHA384 SHA512 SHA512/224 SHA512/256 
384 512 224 256 
512 (8 × 64) 
1024  2^{128} − 1  80  And, Xor, Rot, Add (mod 2^{64}), Or, Shr  192 256 112 128 
154  
SHA3  SHA3224 SHA3256 SHA3384 SHA3512 
224 256 384 512 
1600 (5 × 5 × 64) 
1152 1088 832 576 
Unlimited^{[5]}  24^{[6]}  And, Xor, Rot, Not  112 128 192 256 
 
SHAKE128 SHAKE256 
d (arbitrary) d (arbitrary) 
1344 1088 
min(d/2, 128) min(d/2, 256) 
 
References
 ↑ "Crypto++ 5.6.0 Benchmarks". Retrieved 20130613.<templatestyles src="Module:Citation/CS1/styles.css"></templatestyles>
 ↑ Found on an AMD Opteron 8354 2.2 GHz processor running 64bit Linux^{[1]}
 ↑ "The MD5 MessageDigest Algorithm". Retrieved 20160418.<templatestyles src="Module:Citation/CS1/styles.css"></templatestyles>
 ↑ "The SHAppening: freestart collisions for SHA1". Retrieved 20151105.<templatestyles src="Module:Citation/CS1/styles.css"></templatestyles>
 ↑ "The Sponge Functions Corner". Retrieved 20160127.<templatestyles src="Module:Citation/CS1/styles.css"></templatestyles>
 ↑ "The Keccak sponge function family". Retrieved 20160127.<templatestyles src="Module:Citation/CS1/styles.css"></templatestyles>