Expert Michael Cobb details the changes in SHA-3, including how it differs from its predecessors and the additional security it offers, and what steps enterprises should take.
The National Institute of Standards and Technology published the final version of its "Secure Hash Algorithm-3" standard in August 2015 and has released it to the public, calling it a "next-generation tool for securing the integrity of electronic information."
But is it?
This tip takes a look at Secure Hash Algorithm-3 or SHA-3, how it differs from its predecessors, the additional security it offers, and how enterprises should plan for its arrival.
Exploring the need for SHA-3
Cryptographic hash functions are widely used in many aspects of security -- such as digital signatures and data integrity checks -- but play a somewhat different role than other cryptographic algorithms. They take an electronic file, message or block of data, and generate a short digital fingerprint of the content called a message digest or hash value. The ciphers in hash functions are built for hashing; they use large keys and blocks, can efficiently change keys every block, and have been designed and vetted for resistance to key-related attacks.
General-purpose ciphers used for encryption tend to have different design goals. For example, the symmetric-key block cipher AES can be used for generating hash values, but its key and block sizes make it nontrivial and inefficient.
The key properties of a secure cryptographic hash function are:
One-way value: The input cannot be determined from the output
Strong collision resistance: Two different inputs can't create the same output
In 2012, NIST announced Keccak (pronounced "catch-ack") as the winner of its Cryptographic Hash Algorithm Competition, which was held to select a next-generation cryptographic secure hash algorithm; the competition launched in 2007 and received 64 submissions. The highly popular AES algorithm was selected using a similar process to ensure a thorough and transparent analysis of each submission. The new standard -- Federal Information Processing Standard (FIPS) 202, SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions -- is available for download from NIST's website and does not differ markedly from the draft version that was released for public comment in May 2014.
The new standard does not differ markedly from the draft version that was released in May 2014.
NIST said that while SHA-2 -- specified in FIPS 180-4, Secure Hash Standard -- is still "secure and suitable for general use," SHA-3 will complement it and provide much-needed diversity. MD5 and SHA-1 were once widely used hash algorithms, but are now considered weak and are being replaced by SHA-2. Microsoft, for example, announced in 2005 that it was banning developers from using DES, MD4, MD5 and, in some cases, SHA-1 encryption algorithms in any functions. Although no attacks have yet been reported on SHA-2, it's algorithmically similar to SHA-1, hence the need for SHA-3, which is very different from SHA-2 in design. If attacks against SHA-2 suddenly become feasible, the industry has a replacement ready.
What SHA-3 has to offer
The SHA-3 family consists of four cryptographic hash functions based on an instance of the Keccak algorithm -- SHA3-224, SHA3-256, SHA3-384 and SHA3-512 -- and two extendable-output functions -- SHAKE128 and SHAKE256.
Extendable-output functions are different from hash functions because the output can be extended to any desired length, making them ideal for full domain hashing, randomized hashing, stream encryption and generating message authentication codes. In hardware implementations, Keccak was notably faster than all other finalists, and some of the SHA-3 functions can be implemented on a chip without requiring much additional circuitry.
Getting ready for SHA-3
Realistically, widespread adoption of Secure Hash Algorithm-3 is probably five years away. A far greater priority for most enterprises is migrating from SHA-1 to SHA-2. Web masters must request new SHA-2 certificates to replace any that use SHA-1 and expire after Jan. 1, 2017, otherwise they will not be trusted by Windows-based devices. SHA-1 code signing certificates without time stamps won't be accepted by Windows after Jan. 1, 2016.
A far greater priority for most enterprises is migrating from SHA-1 to SHA-2.
Legacy systems that make SSL connections, as well as software and hardware -- such as games consoles, phones and embedded devices -- that rely on hard-coded certificates all need to be migrated to SHA-2 certificates. This may also mean having to update software if it is unable to support SHA-2 encryption.
Finally, to stay abreast of the Secure Hash Algorithm developments and the latest encryption best practices, be sure to follow the news and recommendations from standards bodies such as the National Institute of Standards and Technology.
About the author: Michael Cobb, CISSP-ISSAP, is a renowned security author with over 20 years of experience in the IT industry. He co-authored the book IIS Security and has written numerous technical articles for leading IT publications. He was also formerly a Microsoft Certified Database Manager and a registered consultant with the CESG Listed Advisor Scheme (CLAS). Cobb has a passion for making IT security best practices easier to understand and achievable. His website offers free security posters to raise employee awareness of the importance of safeguarding company and client data and of following good practices.
Next Steps
Get help transitioning from SHA-1 to SHA-2
Learn more about secure hash algorithms and cryptographic hash algorithms
A cryptographic hash algorithm (alternatively, hash "function") is designed to provide a random mapping from a string of binary data to a fixed-size “message digest” and achieve certain security properties.
A cryptographic hash algorithm (alternatively, hash "function") is designed to provide a random mapping from a string of binary data to a fixed-size “message digest” and achieve certain security properties.
SHA-3: A hash function formerly called Keccak, chosen in 2012 after a public competition among non-NSA designers. It supports the same hash lengths as SHA-2, and its internal structure differs significantly from the rest of the SHA family.
SHA-3 is the latest addition to the SHA family. Developed via a public competition promoted by NIST, it's part of the same standard while being completely different from MD5, SHA-1 and SHA-2.
SHA is the acronym for Secure Hash Algorithm, used for hashing data and certificate files. Every piece of data produces a unique hash that is thoroughly non-duplicable by any other piece of data.
SHA-3 has been criticized for being slow on instruction set architectures (CPUs) which do not have instructions meant specially for computing Keccak functions faster – SHA2-512 is more than twice as fast as SHA3-512, and SHA-1 is more than three times as fast on an Intel Skylake processor clocked at 3.2 GHz.
SHA-256 is one of the hashing algorithms that's part of the SHA-2 family (patented under a royalty-free U.S. patent 6829355). It's the most widely used and best hashing algorithm, often in conjunction with digital signatures, for: Authentication and encryption protocols, like TLS, SSL, SSH, and PGP.
SHA-256 is secure due to its 256-bit hash output, making it exponentially more complex and harder to crack than SHA-1. This complexity helps secure against brute force attacks and collision vulnerabilities, making it a more secure hashing algorithm.
xxHash is an Extremely fast Hash algorithm, running at RAM speed limits. It successfully completes the SMHasher test suite which evaluates collision, dispersion and randomness qualities of hash functions.
Best Practices for Hashing. Avoiding Weak Algorithms: It's essential to use strong and secure hashing algorithms, such as SHA-256, SHA-3, or bcrypt, rather than weak algorithms like MD5 or SHA-1. Weak algorithms are more susceptible to attacks and can be cracked more easily.
Predictably, these are also the hashing algorithms that are often used when generating digital signatures and authenticating digital records. The problem is that, while they are all often used to verify data integrity, only SHA-256 is still secure—MD5 and SHA-1 have known vulnerabilities.
Just know that hash functions such as SHA help make your browsing better, even if you're already using a VPN. SHA-256 can help secure SSL/TLS (Transport Layer Security) certificates by creating a digital signature your device can verify.
The SHA (Secure Hash Algorithm) Family designates a family of six different hash functions: SHA-0, SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512 [7, 8]. They take variable length input messages and hash them to fixed-length outputs.
How does SHA-3 differ from SHA-256? The SHA-256 is based on the Merkle-Damgård construction but the SHA-3 uses the sponge construction, this helps in order to provide resistance against certain types of cryptanalytic attacks.
More than SHA3, SHA2 is widely popular and used in the majority of online systems. However, SHA3 is a more secure and fast performer than SHA2. It represents the supreme form of hashing functionality and may even become the go-to hashing function in the future.
Essentially, the secure hash uses a hashing algorithm such as SHA-3 to produce a fixed-length hash of the message regardless of the message length. HMAC is similar but uses a key as an additional input to the hashing engine. It also produces a fixed-length hash regardless of the input message length.
SHA-256 and SHA-512 are proposed for use in DNSSEC. Unix and Linux vendors are moving to using 256- and 512-bit SHA-2 for secure password hashing. Several cryptocurrencies, including Bitcoin, use SHA-256 for verifying transactions and calculating proof of work or proof of stake.
Address: 55021 Usha Garden, North Larisa, DE 19209
Phone: +6812240846623
Job: Corporate Healthcare Strategist
Hobby: Singing, Listening to music, Rafting, LARPing, Gardening, Quilting, Rappelling
Introduction: My name is Foster Heidenreich CPA, I am a delightful, quaint, glorious, quaint, faithful, enchanting, fine person who loves writing and wants to share my knowledge and understanding with you.
We notice you're using an ad blocker
Without advertising income, we can't keep making this site awesome for you.
