Network Working Group R. Housley
Request for Comments: 3874 Vigil Security
Category: Informational September 2004
Network Working Group R. Housley
Request for Comments: 3874 Vigil Security
Category: Informational September 2004
A 224-bit One-way Hash Function: SHA-224
224位单向散列函数:SHA-224
Status of this Memo
本备忘录的状况
This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.
本备忘录为互联网社区提供信息。它没有规定任何类型的互联网标准。本备忘录的分发不受限制。
Copyright Notice
版权公告
Copyright (C) The Internet Society (2004).
版权所有(C)互联网协会(2004年)。
Abstract
摘要
This document specifies a 224-bit one-way hash function, called SHA-224. SHA-224 is based on SHA-256, but it uses a different initial value and the result is truncated to 224 bits.
本文档指定了一个224位单向散列函数,称为SHA-224。SHA-224基于SHA-256,但它使用不同的初始值,结果被截断为224位。
This document specifies a 224-bit one-way hash function, called SHA-224. The National Institute of Standards and Technology (NIST) announced the FIPS 180-2 Change Notice on February 28, 2004 which specifies the SHA-224 one-way hash function. One-way hash functions are also known as message digests. SHA-224 is based on SHA-256, the 256-bit one-way hash function already specified by NIST [SHA2]. Computation of a SHA-224 hash value is two steps. First, the SHA-256 hash value is computed, except that a different initial value is used. Second, the resulting 256-bit hash value is truncated to 224 bits.
本文档指定了一个224位单向散列函数,称为SHA-224。国家标准与技术研究所(NIST)于2004年2月28日发布了FIPS 180-2变更通知,其中指定了SHA-224单向散列函数。单向散列函数也称为消息摘要。SHA-224基于SHA-256,即NIST已经指定的256位单向散列函数[SHA2]。SHA-224散列值的计算分为两步。首先,计算SHA-256散列值,但使用不同的初始值。其次,生成的256位哈希值被截断为224位。
NIST is developing guidance on cryptographic key management, and NIST recently published a draft for comment [NISTGUIDE]. Five security levels are discussed in the guidance: 80, 112, 128, 192, and 256 bits of security. One-way hash functions are available for all of these levels except one. SHA-224 fills this void. SHA-224 is a one-way hash function that provides 112 bits of security, which is the generally accepted strength of Triple-DES [3DES].
NIST正在制定密码密钥管理指南,NIST最近发布了征求意见稿[NIST指南]。指南中讨论了五个安全级别:80、112、128、192和256位安全。单向散列函数可用于除一个之外的所有级别。SHA-224填补了这一空白。SHA-224是一个单向散列函数,提供112位安全性,这是三重DES[3DES]的普遍接受强度。
This document makes the SHA-224 one-way hash function specification available to the Internet community, and it publishes the object identifiers for use in ASN.1-based protocols.
本文档使SHA-224单向散列函数规范可供互联网社区使用,并发布了用于基于ASN.1的协议的对象标识符。
Since SHA-224 is based on SHA-256, roughly the same amount of effort is consumed to compute a SHA-224 or a SHA-256 digest message digest value. Even though SHA-224 and SHA-256 have roughly equivalent computational complexity, SHA-224 is an appropriate choice for a one-way hash function that provides 112 bits of security. The use of a different initial value ensures that a truncated SHA-256 message digest value cannot be mistaken for a SHA-224 message digest value computed on the same data.
由于SHA-224基于SHA-256,因此计算SHA-224或SHA-256摘要消息摘要值所消耗的工作量大致相同。尽管SHA-224和SHA-256的计算复杂度大致相当,但对于提供112位安全性的单向散列函数,SHA-224是一个合适的选择。使用不同的初始值可确保截断的SHA-256消息摘要值不会被误认为是根据相同数据计算的SHA-224消息摘要值。
Some usage environments are sensitive to every octet that is transmitted. In these cases, the smaller (by 4 octets) message digest value provided by SHA-224 is important.
某些使用环境对传输的每个八位字节都很敏感。在这些情况下,SHA-224提供的较小(4个八位字节)的消息摘要值很重要。
These observations lead to the following guidance:
这些观察得出以下指导意见:
* When selecting a suite of cryptographic algorithms that all offer 112 bits of security strength, SHA-224 is an appropriate choice for one-way hash function.
* 当选择一套全部提供112位安全强度的加密算法时,SHA-224是单向散列函数的合适选择。
* When terseness is not a selection criteria, the use of SHA-256 is a preferred alternative to SHA-224.
* 当简洁性不是选择标准时,使用SHA-256是SHA-224的首选替代方案。
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [STDWORDS].
本文件中的关键词“必须”、“不得”、“要求”、“应”、“不应”、“应”、“不应”、“建议”、“可”和“可选”应按照[STDWORDS]中的说明进行解释。
SHA-224 may be used to compute a one-way hash value on a message whose length less than 2^64 bits.
SHA-224可用于计算长度小于2^64位的消息的单向散列值。
SHA-224 makes use of SHA-256 [SHA2]. To compute a one-way hash value, SHA-256 uses a message schedule of sixty-four 32-bit words, eight 32-bit working variables, and produces a hash value of eight 32-bit words.
SHA-224使用SHA-256[SHA2]。为了计算单向散列值,SHA-256使用64个32位字、8个32位工作变量的消息调度,并生成8个32位字的散列值。
The function is defined in the exact same manner as SHA-256, with the following two exceptions:
该函数的定义方式与SHA-256完全相同,但有以下两个例外:
First, for SHA-224, the initial hash value of the eight 32-bit working variables, collectively called H, shall consist of the following eight 32-bit words (in hex):
首先,对于SHA-224,八个32位工作变量(统称为H)的初始哈希值应由以下八个32位字(十六进制)组成:
H_0 = c1059ed8 H_4 = ffc00b31
H_1 = 367cd507 H_5 = 68581511
H_2 = 3070dd17 H_6 = 64f98fa7
H_3 = f70e5939 H_7 = befa4fa4
H_0 = c1059ed8 H_4 = ffc00b31
H_1 = 367cd507 H_5 = 68581511
H_2 = 3070dd17 H_6 = 64f98fa7
H_3 = f70e5939 H_7 = befa4fa4
Second, SHA-224 simply makes use of the first seven 32-bit words in the SHA-256 result, discarding the remaining 32-bit words in the SHA-256 result. That is, the final value of H is used as follows, where || denotes concatenation:
其次,SHA-224仅使用SHA-256结果中的前七个32位字,丢弃SHA-256结果中剩余的32位字。也就是说,H的最终值使用如下,其中| |表示串联:
H_0 || H_1 || H_2 || H_3 || H_4 || H_5 || H_6
H|U 0 | H|U 1 | H|U 2 | H|U 3 | H|U 4 | H|U 5 | H|U 6
This section includes three test vectors. These test vectors can be used to test implementations of SHA-224.
本节包括三个测试向量。这些测试向量可用于测试SHA-224的实现。
Let the message to be hashed be the 24-bit ASCII string "abc", which is equivalent to the following binary string:
将要散列的消息设为24位ASCII字符串“abc”,它相当于以下二进制字符串:
01100001 01100010 01100011
01100001 01100010 01100011
The SHA-224 hash value (in hex):
SHA-224哈希值(十六进制):
23097d22 3405d822 8642a477 bda255b3 2aadbce4 bda0b3f7 e36c9da7
23097d22 3405d822 8642a477 bda255b3 2aadbce4 bda0b3f7 e36c9da7
Let the message to be hashed be the 448-bit ASCII string "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq".
让要散列的消息为448位ASCII字符串“ABCDBCDECDEFGEFGHFGHIGHIJHIJHIJKIJKLJKLMNLMNOMNOPQ”。
The SHA-224 hash value is (in hex):
SHA-224哈希值为(十六进制):
75388b16 512776cc 5dba5da1 fd890150 b0c6455c b4f58b19 52522525
75388b16 512776cc 5dba5da1 fd890150 b0c6455c b4f58b19 52522525
Let the message to be hashed be the binary-coded form of the ASCII string which consists of 1,000,000 repetitions of the character "a".
将要散列的消息设为ASCII字符串的二进制编码形式,该字符串由1000000个字符“a”重复组成。
The SHA-224 hash value is (in hex):
SHA-224哈希值为(十六进制):
20794655 980c91d8 bbb4c1ea 97618a4b f03f4258 1948b2ee 4ee7ad67
20794655 980c91d8 bbb4c1ea 97618a4b f03f4258 1948b2ee 4ee7ad67
NIST has assigned an ASN.1 [X.208-88, X.209-88] object identifier for SHA-224. Some protocols use object identifiers to name one-way hash functions. One example is CMS [CMS]. Implementations of such protocols that make use of SHA-224 MUST use the following object identifier.
NIST为SHA-224分配了ASN.1[X.208-88,X.209-88]对象标识符。一些协议使用对象标识符来命名单向散列函数。一个例子是CMS[CMS]。使用SHA-224的此类协议的实现必须使用以下对象标识符。
id-sha224 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2)
country(16) us(840) organization(1) gov(101)
csor(3) nistalgorithm(4) hashalgs(2) sha224(4) }
id-sha224 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2)
country(16) us(840) organization(1) gov(101)
csor(3) nistalgorithm(4) hashalgs(2) sha224(4) }
One-way hash functions are typically used with other cryptographic algorithms, such as digital signature algorithms and keyed-hash message authentication codes, or in the generation of random values. When a one-way hash function is used in conjunction with another algorithm, there may be requirements specified elsewhere that require the use of a one-way hash function with a certain number of bits of security. For example, if a message is being signed with a digital signature algorithm that provides 128 bits of security, then that signature algorithm may require the use of a one-way hash algorithm that also provides the same number of bits of security. SHA-224 is intended to provide 112 bits of security, which is the generally accepted strength of Triple-DES [3DES].
单向散列函数通常与其他加密算法(如数字签名算法和密钥散列消息认证码)一起使用,或用于生成随机值。当单向散列函数与另一个算法结合使用时,可能会有其他地方指定的要求,要求使用具有一定安全位数的单向散列函数。例如,如果正在使用提供128位安全性的数字签名算法对消息进行签名,则该签名算法可能需要使用同样提供相同数量安全性的单向散列算法。SHA-224旨在提供112位安全性,这是三重DES[3DES]的普遍接受强度。
This document is intended to provide the SHA-224 specification to the Internet community. No independent assertion of the security of this one-way hash function is intended by the author for any particular use. However, as long as SHA-256 provides the expected security, SHA-224 will also provide its expected level of security.
本文件旨在向互联网社区提供SHA-224规范。作者无意对该单向散列函数的安全性进行独立断言,以用于任何特定用途。然而,只要SHA-256提供预期的安全性,SHA-224也将提供其预期的安全性水平。
[SHA2] Federal Information Processing Standards Publication (FIPS PUB) 180-2, Secure Hash Standard, 1 August 2002.
[SHA2]联邦信息处理标准出版物(FIPS PUB)180-2,安全哈希标准,2002年8月1日。
[STDWORDS] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
[STDWORDS]Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,1997年3月。
[3DES] American National Standards Institute. ANSI X9.52-1998, Triple Data Encryption Algorithm Modes of Operation. 1998.
[3DES]美国国家标准协会。ANSI X9.52-1998,三重数据加密算法操作模式。1998
[CMS] Housley, R., "Cryptographic Message Syntax (CMS)", RFC 3852, July 2004.
[CMS]Housley,R.,“加密消息语法(CMS)”,RFC 38522004年7月。
[NISTGUIDE] National Institute of Standards and Technology. Second
Draft: "Key Management Guideline, Part 1: General
Guidance." June 2002.
[http://csrc.nist.gov/encryption/kms/guideline-1.pdf]
[NISTGUIDE] National Institute of Standards and Technology. Second
Draft: "Key Management Guideline, Part 1: General
Guidance." June 2002.
[http://csrc.nist.gov/encryption/kms/guideline-1.pdf]
[X.208-88] CCITT Recommendation X.208: Specification of Abstract Syntax Notation One (ASN.1). 1988.
[X.208-88]CCITT建议X.208:抽象语法符号1规范(ASN.1)。1988
[X.209-88] CCITT Recommendation X.209: Specification of Basic Encoding Rules for Abstract Syntax Notation One (ASN.1). 1988.
[X.209-88]CCITT建议X.209:抽象语法符号1(ASN.1)的基本编码规则规范。1988
Many thanks to Jim Schaad for generating the test vectors. A second implementation by Brian Gladman was used to confirm that the test vectors are correct.
非常感谢Jim Schaad生成测试向量。Brian Gladman的第二个实现用于确认测试向量是正确的。
Russell Housley Vigil Security, LLC 918 Spring Knoll Drive Herndon, VA 20170 USA
Russell Housley Vigil Security,LLC 918 Spring Knoll Drive Herndon,弗吉尼亚州,邮编20170
EMail: housley@vigilsec.com
EMail: housley@vigilsec.com
Copyright (C) The Internet Society (2004).
版权所有(C)互联网协会(2004年)。
This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights.
本文件受BCP 78中包含的权利、许可和限制的约束,除其中规定外,作者保留其所有权利。
This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/S HE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
本文件及其包含的信息是按“原样”提供的,贡献者、其代表或赞助的组织(如有)、互联网协会和互联网工程任务组不承担任何明示或暗示的担保,包括但不限于任何保证,即使用本文中的信息不会侵犯任何权利,或对适销性或特定用途适用性的任何默示保证。
Intellectual Property
知识产权
The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the IETF's procedures with respect to rights in IETF Documents can be found in BCP 78 and BCP 79.
IETF对可能声称与本文件所述技术的实施或使用有关的任何知识产权或其他权利的有效性或范围,或此类权利下的任何许可可能或可能不可用的程度,不采取任何立场;它也不表示它已作出任何独立努力来确定任何此类权利。有关IETF文件中权利的IETF程序信息,请参见BCP 78和BCP 79。
Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr.
向IETF秘书处披露的知识产权副本和任何许可证保证,或本规范实施者或用户试图获得使用此类专有权利的一般许可证或许可的结果,可从IETF在线知识产权存储库获取,网址为http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org.
IETF邀请任何相关方提请其注意任何版权、专利或专利申请,或其他可能涵盖实施本标准所需技术的专有权利。请将信息发送至IETF的IETF-ipr@ietf.org.
Acknowledgement
确认
Funding for the RFC Editor function is currently provided by the Internet Society.
RFC编辑功能的资金目前由互联网协会提供。