Code360 powered by Coding Ninjas X Naukri.com. Code360 powered by Coding Ninjas X Naukri.com
Table of contents
1.
Introduction
2.
How SHA-1 Algorithm Works?
3.
Components and Process Flow
3.1.
1. Message Padding
3.2.
2. Parsing
3.3.
3. Initialization
3.4.
4. Processing
3.5.
5. Output
4.
Cryptographic Hash Functions in Java
4.1.
Example 1: Below program shows the implementation of SHA-1 hash in Java.
4.2.
Java
4.3.
Example 2: Below program shows the implementation of SHA-1 hash in PHP.
4.4.
PHP
4.5.
Example 3: Below program shows the implementation of SHA-1 hash in JavaScript.
4.6.
JavaScript
5.
Applications of SHA-1 Algorithm
6.
Frequently Asked Questions
6.1.
Is SHA-1 Algorithm still secure?
6.2.
Can SHA-1 be reversed to obtain the original message?
6.3.
Are there any known collisions in SHA-1?
7.
Conclusion
Last Updated: Aug 23, 2024
Medium

SHA-1 Algorithm

Author Pallavi singh
0 upvote

Introduction

SHA-1 is a cryptographic hash function that takes an input and produces a 160-bit hash value. It is used to verify the integrity of data and ensure that it has not been altered. SHA-1 Algorithm is a widely used algorithm in various security applications, like digital signatures and password storage. 

sha1 Algorithm

In this article, we will discuss how SHA-1 Algorithm works, its components & process flow, and provide code examples in different languages. 

How SHA-1 Algorithm Works?

SHA-1 (Secure Hash Algorithm 1) is a one-way hash function that takes an input message of any length & produces a fixed-size 160-bit (20-byte) hash value. The input message is broken down into blocks of 512 bits (64 bytes) each. If the message length is not a multiple of 512, padding is added to the end of the message to make it a multiple of 512 bits.

The SHA-1 algorithm consists of the following steps:

1. Padding: The original message is padded with a single "1" bit followed by as many "0" bits as necessary to make the message length a multiple of 512 bits.
 

2. Parsing: The padded message is divided into 512-bit blocks.
 

3. Initialization: Five 32-bit variables (A, B, C, D, E) are initialized with specific values.
 

4. Processing: Each 512-bit block is processed in a series of 80 rounds, using a combination of logical functions and bit operations.
 

5. Output: The final hash value is the concatenation of the five variables (A, B, C, D, E) after processing all the blocks.


The SHA-1 algorithm uses a series of logical functions and bit operations to transform the input message into the final hash value. These functions ensure that even a small change in the input message results in a significantly different hash value, making it difficult to find collisions (two different messages producing the same hash value).

Components and Process Flow

The SHA-1 algorithm consists of several components and follows a specific process flow. 

Let's discuss these components in detail:

1. Message Padding

  • The original message is padded with a single "1" bit followed by "0" bits until the message length is 64 bits less than a multiple of 512 bits.
  • The remaining 64 bits are filled with the original message length in binary format.

2. Parsing

  • The padded message is divided into 512-bit blocks.
  • Each block is further divided into 16 32-bit words.

3. Initialization

  • Five 32-bit variables (A, B, C, D, E) are initialized with specific hexadecimal values.
  • These values are predefined constants in the SHA-1 algorithm.

4. Processing

  • Each 512-bit block is processed in 80 rounds.
  • In each round, the following operations are performed:
  • The five variables (A, B, C, D, E) are updated using a combination of logical functions and bit operations. The logical functions used are:

      - Ch(x, y, z) = (x & y) ^ ((~x) & z)

      - Parity(x, y, z) = x ^ y ^ z

      - Maj(x, y, z) = (x & y) ^ (x & z) ^ (y & z)
 

  • The variables are rotated and combined with the message words and constants in a specific manner.

5. Output

  • After processing all the blocks, the final hash value is obtained by concatenating the five variables (A, B, C, D, E).
  • The resulting hash value is a 160-bit (20-byte) value.
     

The SHA-1 process flow ensures that the input message is thoroughly mixed and transformed, resulting in a unique and irreversible hash value. The specific operations and constants used in the algorithm are designed to provide strong collision resistance and make it computationally infeasible to find two different messages that produce the same hash value.
 

Summary of Steps:

1. Padding: Pad the original message with a "1" bit and "0" bits until the message length is 64 bits less than a multiple of 512 bits, then append the original message length.
 

2. Parsing: Divide the padded message into 512-bit blocks, and further divide each block into 16 32-bit words.
 

3. Initialization: Initialize five 32-bit variables (A, B, C, D, E) with predefined hexadecimal constants.
 

4. Processing: Process each 512-bit block in 80 rounds, updating the variables using logical functions and bit operations.
 

5. Output: Concatenate the final values of the five variables to obtain the 160-bit hash value.

Cryptographic Hash Functions in Java

Java provides built-in support for cryptographic hash functions, including SHA-1. The `java.security` and `javax.xml.bind.annotation` packages contain classes that implement the SHA-1 algorithm.

Example 1: Below program shows the implementation of SHA-1 hash in Java.

  • Java

Java


import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class SHA1Example {
public static String calculateSHA1(String input) {
try {
MessageDigest md = MessageDigest.getInstance("SHA-1");
byte[] messageDigest = md.digest(input.getBytes());
BigInteger no = new BigInteger(1, messageDigest);
String hashtext = no.toString(16);
while (hashtext.length() < 40) {
hashtext = "0" + hashtext;
}
return hashtext;
} catch (NoSuchAlgorithmException e) {
throw new RuntimeException(e);
}
}

public static void main(String[] args) {
String message = "Hello, SHA-1!";
String sha1Hash = calculateSHA1(message);
System.out.println("Message: " + message);
System.out.println("SHA-1 Hash: " + sha1Hash);
}
}
You can also try this code with Online Java Compiler
Run Code


Output

Message: Hello, SHA-1!
SHA-1 Hash: f322e078fef4f49da1618d3793d3272a91f0488c


In this example, the `calculateSHA1` method takes an input string, calculates its SHA-1 hash value using the `MessageDigest` class, and returns the hash as a hexadecimal string. The `main` method demonstrates the usage of the `calculateSHA1` method by calculating the SHA-1 hash of the message "Hello, SHA-1!".

Example 2: Below program shows the implementation of SHA-1 hash in PHP.

  • PHP

PHP

<?php
function calculateSHA1($input) {
return sha1($input);
}

$message = "Hello, SHA-1!";
$sha1Hash = calculateSHA1($message);
echo "Message: " . $message . "\n";
echo "SHA-1 Hash: " . $sha1Hash . "\n";
?>
You can also try this code with Online PHP Compiler
Run Code


Output

Message: Hello, SHA-1!
SHA-1 Hash: f322e078fef4f49da1618d3793d3272a91f0488c


In this PHP example, the `calculateSHA1` function uses the built-in `sha1` function to calculate the SHA-1 hash of the input string. The `$message` variable holds the input message, and the resulting SHA-1 hash is stored in the `$sha1Hash` variable. Finally, the message and its corresponding SHA-1 hash are printed.

Example 3: Below program shows the implementation of SHA-1 hash in JavaScript.

  • JavaScript

JavaScript

function calculateSHA1(input) {

   const encoder = new TextEncoder();

   const data = encoder.encode(input);

   return crypto.subtle.digest("SHA-1", data).then(buffer => {

       const hexCodes = [];

       const view = new DataView(buffer);

       for (let i = 0; i < view.byteLength; i += 4) {

           const value = view.getUint32(i);

           const stringValue = value.toString(16);

           const padding = "00000000";

           const paddedValue = (padding + stringValue).slice(-padding.length);

           hexCodes.push(paddedValue);

       }

       return hexCodes.join("");

   });

}


const message = "Hello, SHA-1!";

calculateSHA1(message).then(sha1Hash => {

   console.log("Message: " + message);

   console.log("SHA-1 Hash: " + sha1Hash);

});
You can also try this code with Online Javascript Compiler
Run Code


Output

Message: Hello, SHA-1!
SHA-1 Hash: f322e078fef4f49da1618d3793d3272a91f0488c


In this JavaScript example, the `calculateSHA1` function uses the Web Crypto API to calculate the SHA-1 hash of the input string. The input is first encoded using a `TextEncoder`, and then the `crypto.subtle.digest` method is used to compute the SHA-1 hash. The resulting hash is converted to a hexadecimal string by iterating over the hash buffer and converting each 32-bit value to its hexadecimal representation. Finally, the message and its corresponding SHA-1 hash are logged to the console.

Applications of SHA-1 Algorithm

1. Data Integrity: SHA-1 is used to verify the integrity of data by comparing the computed hash value with a stored or transmitted hash value. If the hashes match, it indicates that the data has not been modified.
 

2. Password Storage: Instead of storing passwords in plain text, SHA-1 hashes of passwords are often stored. When a user enters their password, the hash is calculated and compared with the stored hash for authentication.
 

3. Digital Signatures: SHA-1 is used in digital signature algorithms to generate a unique fingerprint of a message. The hash value is then encrypted with the sender's private key to create a digital signature, ensuring the authenticity and integrity of the message.
 

4. File Verification: SHA-1 checksums are commonly used to verify the integrity of downloaded files. The checksum of the downloaded file is compared with the provided checksum to ensure that the file has not been corrupted during the download process.
 

5. Version Control Systems: Version control systems like Git use SHA-1 to generate unique identifiers for each commit, allowing for efficient tracking and verification of changes in the codebase.

Frequently Asked Questions

Is SHA-1 Algorithm still secure?

SHA-1 has been found to have vulnerabilities and is no longer considered secure for cryptographic purposes. It is recommended to use newer and more secure hash functions like SHA-256 or SHA-3.

Can SHA-1 be reversed to obtain the original message?

No, SHA-1 is a one-way hash function, which means it is computationally infeasible to reverse the hash and obtain the original message. The original message cannot be determined from the hash value alone.

Are there any known collisions in SHA-1?

Yes, collisions have been found in SHA-1, where two different messages produce the same hash value. In 2017, a collision attack was demonstrated, proving that SHA-1 is not collision-resistant and should not be used for security-critical applications.

Conclusion

In this article, we explained how SHA-1 Algorithm works by breaking down its components and process flow. We also provided code examples in Java, PHP & JavaScript to show the implementation of SHA-1 Algorithm. Additionally, we discussed the various applications of SHA-1 in data integrity, password storage, digital signatures & file verification. However, it is important to note that SHA-1 Algorithm is no longer considered secure due to known vulnerabilities and the existence of collision attacks. For critical security applications, it is recommended to use more secure hash functions like SHA-256 or SHA-3.

You can also check out our other blogs on Code360.

Live masterclass