http://www.itl.nist.gov/fipspubs/fip180-1.htm (Web version)
http://csrc.nist.gov/fips/fip180-1.txt (this file)
FIPS PUB 180-1
FEDERAL INFORMATION PROCESSING STANDARDS PUBLICATION
(Supersedes FIPS PUB 180 - 1993 May 11)
1995 April 17
U.S. DEPARTMENT OF COMMERCE/National Institute of Standards and Technology
SECURE HASH STANDARD
/*** NOTE: NOT OFFICIAL. HARD COPY IS THE OFFICIAL VERSION.
^ is used for exponentiation or superscript. ***/
CATEGORY: COMPUTER SECURITY
U.S. DEPARTMENT OF COMMERCE, Ronald H. Brown, Secretary
NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY
Foreword
The Federal Information Processing Standards Publication Series
of the National Institute of Standards and Technology (NIST) is the
official series of publications relating to standards and guidelines
adopted and promulgated under the provisions of Section 111(d) of the
Federal Property and Administrative Services Act of 1949 as amended by
the Computer Security Act of 1987, Public Law 100-235. These mandates
have given the Secretary of Commerce and NIST important responsibilities
for improving the utilization and management of computer and related
telecommunications systems in the Federal Government. The NIST, through
the Computer Systems Laboratory, provides leadership, technical guidance,
and coordination of Government efforts in the development of standards
and guidelines in these areas.
Comments concerning Federal Information Processing Standards
Publications are welcomed and should be addressed to the Director,
Computer Systems Laboratory, National Institute of Standards and
Technology, Gaithersburg, MD 20899.
James H. Burrows, Director
Computer Systems Laboratory
Abstract
This standard specifies a Secure Hash Algorithm (SHA-1) which can
be used to generate a condensed representation of a message called a
message digest. The SHA-1 is required for use with the Digital Signature
Algorithm (DSA) as specified in the Digital Signature Standard (DSS) and
whenever a secure hash algorithm is required for Federal applications.
The SHA-1 is used by both the transmitter and intended receiver of a
message in computing and verifying a digital signature.
Key words: computer security; digital signatures; Federal Information
Processing Standard (FIPS); hash algorithm.
FIPS PUB 180-1
Federal Information
Processing Standards Publication 180-1
1995 APRIL 17
ANNOUNCING THE
SECURE HASH STANDARD
Federal Information Processing Standards Publications (FIPS PUBS) are
issued by the National Institute of Standards and Technology (NIST) after
approval by the Secretary of Commerce pursuant to Section 111(d) of the
Federal Property and Administrative Services Act of 1949 as amended by the
Computer Security Act of 1987, Public Law 100-235.
Name of Standard: Secure Hash Standard.
Category of Standard: Computer Security.
Explanation: This Standard specifies a Secure Hash Algorithm, SHA-1,
for computing a condensed representation of a message or a data file. When
a message of any length < 2^64 bits is input, the SHA-1 produces a 160-bit
output called a message digest. The message digest can then be input to
the Digital Signature Algorithm (DSA) which generates or verifies the
signature for the message. Signing the message digest rather than the
message often improves the efficiency of the process because the message
digest is usually much smaller in size than the message. The same hash
algorithm must be used by the verifier of a digital signature as was used
by the creator of the digital signature.
The SHA-1 is called secure because it is computationally infeasible to find
a message which corresponds to a given message digest, or to find two
different messages which produce the same message digest. Any change to a
message in transit will, with very high probability, result in a different
message digest, and the signature will fail to verify. SHA-1 is a technical
revision of SHA (FIPS 180). A circular left shift operation has been added
to the specifications in section 7, line b, page 9 of FIPS 180 and its
equivalent in section 8, line c, page 10 of FIPS 180. This revision improves
the security provided by this standard. The SHA-1 is based on principles
similar to those used by Professor Ronald L. Rivest of MIT when designing
the MD4 message digest algorithm ("The MD4 Message Digest Algorithm,"
Advances in Cryptology - CRYPTO '90 Proceedings, Springer-Verlag, 1991,
pp. 303-311), and is closely modelled after that algorithm.
Approving Authority: Secretary of Commerce.
Maintenance Agency: U.S. Department of Commerce, National Institute of
Standards and Technology, Computer Systems Laboratory.
Applicability: This standard is applicable to all Federal departments and
agencies for the protection of unclassified information that is not subject
to section 2315 of Title 10, United States Code, or section 3502(2) of Title
44, United States Code. This standard is required for use with the Digital
Signature Algorithm (DSA) as specified in the Digital Signature Standard
(DSS) and whenever a secure hash algorithm is required for Federal
applications. Private and commercial organizations are encouraged to adopt
and use this standard.
Applications: The SHA-1 may be used with the DSA in electronic mail,
electronic funds transfer, software distribution, data storage, and other
applications which require data integrity assurance and data origin
authentication. The SHA-1 may also be used whenever it is necessary to
generate a condensed version of a message.
Implementations: The SHA-1 may be implemented in software, firmware,
hardware, or any combination thereof. Only implementations of the SHA-1
that are validated by NIST will be considered as complying with this
standard. Information about the requirements for validating implementations
of this standard can be obtained from the National Institute of Standards
and Technology, Computer Systems Laboratory, Attn: SHS Validation,
Gaithersburg, MD 20899.
Export Control: Implementations of this standard are subject to Federal
Government export controls as specified in Title 15, Code of Federal
Regulations, Parts 768 through 799. Exporters are advised to contact the
Department of Commerce, Bureau of Export Administration for more information.
Patents: Implementations of the SHA-1 in this standard may be covered
by U.S. and foreign patents.
Implementation Schedule: This standard becomes effective October 2, 1995.
Specifications: Federal Information Processing Standard (FIPS 180-1)
Secure Hash Standard (affixed).
Cross Index:
a. FIPS PUB 46-2, Data Encryption Standard.
b. FIPS PUB 73, Guidelines for Security of Computer Applications.
c. FIPS PUB 140-1, Security Requirements for Cryptographic Modules.
d. FIPS PUB 186, Digital Signature Standard.
e. Federal Information Resources Management Regulations (FIRMR) subpart
201.20.303, Standards, and subpart 201.39.1002, Federal Standards.
Objectives: The objectives of this standard are to:
a. Specify the secure hash algorithm required for use with the Digital
Signature Standard (FIPS 186) in the generation and verification of
digital signatures;
b. Specify the secure hash algorithm to be used whenever a secure hash
algorithm is required for Federal applications; and
c. Encourage the adoption and use of the specified secure hash algorithm
by private and commercial organizations.
Qualifications: While it is the intent of this standard to specify a secure
hash algorithm, conformance to this standard does not assure that a particular
implementation is secure. The responsible authority in each agency or
department shall assure that an overall implementation provides an acceptable
level of security. This standard will be reviewed every five years in order
to assess its adequacy.
Waiver Procedure: Under certain exceptional circumstances, the heads of
Federal departments and agencies may approve waivers to Federal Information
Processing Standards (FIPS). The head of such agency may redelegate such
authority only to a senior official designated pursuant to section 3506(b)
of Title 44, United States Code. Waiver shall be granted only when:
a. Compliance with a standard would adversely affect the accomplishment of
the mission of an operator of a Federal computer system; or
b. Compliance with a standard would cause a major adverse financial impact
on the operator which is not offset by Government-wide savings.
Agency heads may act upon a written waiver request containing the information
detailed above. Agency heads may also act without a written waiver request
when they determine that conditions for meeting the standard cannot be met.
Agency heads may approve waivers only by a written decision which explains
the basis on which the agency head made the required finding(s). A copy of
each decision, with procurement sensitive or classified portions clearly
identified, shall be sent to: National Institute of Standards and Technology;
ATTN: FIPS Waiver Decisions, Technology Building, Room B-154, Gaithersburg,
MD 20899.
In addition, notice of each waiver granted and each delegation of authority
to approve waivers shall be sent promptly to the Committee on Government
Operations of the House of Representatives and the Committee on Government
Affairs of the Senate and shall be published promptly in the Federal Register.
When the determination on a waiver applies to the procurement of equipment
and/or services, a notice of the waiver determination must be published in
the Commerce Business Daily as a part of the notice of solicitation for
offers of an acquisition or, if the waiver determination is made after that
notice is published, by amendment to such notice.
A copy of the waiver, any supporting documents, the document approving the
waiver and any accompanying documents, with such deletions as the agency is
authorized and decides to make under 5 United States Code Section 552(b),
shall be part of the procurement documentation and retained by the agency.
Where to Obtain Copies of the Standard: Copies of this publication are for
sale by the National Technical Information Service, U.S. Department of
Commerce, Springfield, VA 22161. When ordering, refer to Federal Information
Processing Standards Publication 180-1 (FIPSPUB180-1), and identify the title.
When microfiche is desired, this should be specified. Prices are published by
NTIS in current catalogs and other issuances. Payment may be made by check,
money order, deposit account or charged to a credit card accepted by NTIS.
---------------------
Federal Information
Processing Standards Publication 180-1
1995 April 17
Specifications for the
SECURE HASH STANDARD
1. INTRODUCTION
The Secure Hash Algorithm (SHA-1) is required for use with the Digital
Signature Algorithm (DSA) as specified in the Digital Signature Standard
(DSS) and whenever a secure hash algorithm is required for federal
applications. For a message of length < 2^64 bits, the SHA-1 produces a 160-bit
condensed representation of the message called a message digest. The message
digest is used during generation of a signature for the message. The SHA-1
is also used to compute a message digest for the received version of the
message during the process of verifying the signature. Any change to the
message in transit will, with very high probability, result in a different
message digest, and the signature will fail to verify.
The SHA-1 is designed to have the following properties: it is computationally
infeasible to find a message which corresponds to a given message digest, or
to find two different messages which produce the same message digest.
2. BIT STRINGS AND INTEGERS
The following terminology related to bit strings and integers will be used:
a. A hex digit is an element of the set {0, 1, ... , 9, A, ... , F}. A
hex digit is the representation of a 4-bit string. Examples: 7 = 0111,
A = 1010.
b. A word equals a 32-bit string which may be represented as a sequence of
8 hex digits. To convert a word to 8 hex digits each 4-bit string is
converted to its hex equivalent as described in (a) above. Example:
1010 0001 0000 0011 1111 1110 0010 0011 = A103FE23.
c. An integer between 0 and 2^32 - 1 inclusive may be represented as a word.
The least significant four bits of the integer are represented by the
right-most hex digit of the word representation. Example: the integer
291 = 2^8+2^5+2^1+2^0 = 256+32+2+1 is represented by the hex word,
00000123.
If z is an integer, 0 <= z < 2^64, then z = (2^32)x + y where
0 <= x < 2^32 and 0 <= y < 2^32. Since x and y can be represented as
words X and Y, respectively, z can be represented as the pair of words
(X,Y).
d. block = 512-bit string. A block (e.g., B) may be represented as a
sequence of 16 words.
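The conventions of items (a) through (d), written out as an added example that is not part of FIPS 180-1. The function names are illustrative, and reading a block from bytes (each byte contributing its bits most significant first) is an assumption, since the standard itself speaks only of bit strings.

```python
# Added example (not part of FIPS 180-1): the section 2 conventions in code.
# Function names are illustrative. Inputs are the section 2 examples or
# constructed values, labelled where used.

WORD_BITS = 32
BLOCK_BITS = 512


def bits_to_word(bits: str) -> int:
    """Parse a 32-bit string such as '1010 0001 ...'; left-most bit is most significant."""
    b = bits.replace(" ", "")
    if len(b) != WORD_BITS or set(b) - {"0", "1"}:
        raise ValueError("a word is exactly 32 bits")
    return int(b, 2)


def word_to_hex(w: int) -> str:
    """Items (b), (c): a word as 8 hex digits; the right-most digit holds the low 4 bits."""
    if not 0 <= w < 2**WORD_BITS:
        raise ValueError("word out of range 0 .. 2^32 - 1")
    return f"{w:08X}"


def split_z(z: int) -> tuple[int, int]:
    """Item (c): z = (2^32)x + y with 0 <= z < 2^64, returned as the word pair (X, Y)."""
    if not 0 <= z < 2**64:
        raise ValueError("z out of range 0 .. 2^64 - 1")
    return z >> 32, z & 0xFFFFFFFF


def block_to_words(block: bytes) -> list[int]:
    """Item (d): a 512-bit block as 16 words.

    Assumption: the block arrives as 64 bytes and each word is read with its
    most significant byte first, matching the left-to-right bit-string order.
    """
    if len(block) * 8 != BLOCK_BITS:
        raise ValueError("a block is exactly 512 bits")
    return [int.from_bytes(block[i:i + 4], "big") for i in range(0, 64, 4)]


if __name__ == "__main__":
    print(word_to_hex(bits_to_word("1010 0001 0000 0011 1111 1110 0010 0011")))
    print(word_to_hex(291))
    x, y = split_z(2**32 + 291)           # constructed value
    print(word_to_hex(x), word_to_hex(y))
    block = bytes(range(64))              # constructed 512-bit block
    print([word_to_hex(w) for w in block_to_words(block)][:2])
```

Reading the words with the least significant byte first is the usual way an implementation of these conventions goes wrong on little-endian hardware.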
3. OPERATIONS ON WORDS
The following logical operators will be applied to words:
a. Bitwise logical word operations
X AND Y = bitwise logical "and" of X and Y.
X OR Y = bitwise logical "inclusive-or" of X and Y.
X XOR Y = bitwise logical "exclusive-or" of X and Y.
NOT X = bitwise logical "complement" of X.
Example:
          01101100101110011101001001111011
    XOR   01100101110000010110100110110111
          --------------------------------
      =   00001001011110001011101111001100
b. The operation X + Y is defined as follows: words X and Y represent
integers x and y, where 0 <= x < 2^32 and 0 <= y < 2^32. For positive
integers n and m, let n mod m be the remainder upon dividing n by m.
Compute