Cryptographically secure hash designed by NIST and the NSA for the Secure Hash Standard. SHA1 yields a 160 bit result.

Recent updates to this standard give a set of related hash algorithms with longer bit lengths. See sha2.

Don't Panic

Recent developments show that sha1 is no longer considered secure.,4902,99852,00.html?nlid=PM

PT 22-Feb-2005: While this is true it is not really a major problem for the application of SHA1 at this time. broken here is a cryptographic term that means that there is a method to obtain collisions with less work than the theoretical minimum. At this time it is possible to obtain collisions in SHA1 in 2**69 operations which is some orders of magnitude less than the 2**80 hash operations that is the amount of work required for a brute force attack. It is still a significant amount of work. For comparison, when using the MD5 message-digest we can expect collisions in 2**64 hash operations. So even a broken SHA1 is more secure than an unbroken MD5.

This does not mean all your certificates are void. This does not mean the end of the world as we know it. What it means is that new applications should consider using either a new message-digest algorithm or a longer digest. See sha2 for some longer versions. See ripemd for another algorithm.

Before you decide you have to upgrade all your hashes, you might like to consider the timing comparison given on the sha2 page too.


For what purposes is SHA1 used??

SHA is based upon the MD4 algorithm designed by Prof. R Rivest. Soon after the release of MD4 some weaknesses were found. While these have not been extended to break the full algorithm MD4 was enhanced by Rivest to create MD5. SHA is also an enhanced MD4 - but has different enhancements. These are an expand transformation, and extra round, and a faster avalanche effect. [BOOK: Applied Cryptography]

SHA might be used for any protocol where a secure one-way cryptographic hash is required. There are lots of such protocols in the literature.

SHA1 in tcllib

PT 21-Feb-2005: The tcllib implementation now supports incremental hashing of data and a critcl compiled extension that may be used to speed up the digest calculation. The critcl code uses a C implementation from NetBSD. If available, Trf may be used (where functional).

To incrementally hash data (for instance, while receiving one line at a time of a message):

  package require sha1 2
  set hash [sha1::SHA1Init]
  sha1::SHA1Update $hash $data
  ... repeat ad nauseam ...
  set result [sha1::SHA1Final $hash]


During testing of tcllib's sha1 2.0 it was discovered that the version 1 package had an error in the HMAC-SHA1 function for keys that require hashing (longer that 64 bytes). Any application using HMAC-SHA1 with tcllib sha1 1.n should ensure that they upgrade. (The sha1::sha1 and sha1::hmac functions still take the same parameters.)

PS 2Feb05: TEA has a sampleextension which is a SHA-1 implementation. Be careful with it, though, it does not function correctly on all platforms. The mingw (windows) build has an odd problem where some times the returned value is 2 characters short or a couple of pairs too long.

Here's how to use Tcl to produce an SHA1 over a string value:

  package require sha1

  set s "Hello, World"
  set sha1 [::sha1::sha1 [encoding convertto utf-8 $s]]

The same in Java looks like this:


  private static String convertToHex(byte[] data) {                                                                                  
        StringBuilder buf = new StringBuilder();
        for (byte b : data) {
            int halfbyte = (b >>> 4) & 0x0F;
            int two_halfs = 0;
            do {
                buf.append((0 <= halfbyte) && (halfbyte <= 9) ? (char) ('0' + halfbyte) : (char) ('a' + (halfbyte - 10)));
                halfbyte = b & 0x0F;
            } while (two_halfs++ < 1);
        return buf.toString();
    } // convertToHex

    public static String SHA1(String text) throws NoSuchAlgorithmException, UnsupportedEncodingException {
        MessageDigest md = MessageDigest.getInstance("SHA-1");
        byte ba[] = text.getBytes("UTF-8");
        md.update(ba, 0, ba.length);
        byte[] sha1hash = md.digest();
        return convertToHex(sha1hash);
    } // SHA1

    String s = "Hello, World";
    String sha1 = SHA1 (s);

See also