1995-01-28 - Re: SHA Reference?

Header Data

From: Jim Gillogly <jim@acm.org>
To: cypherpunks@toad.com
Message Hash: 441dd56952b872906f45893b4fc37396c0c034a921d136123e2a031c5690dcc0
Message ID: <199501282027.MAA17185@mycroft.rand.org>
Reply To: <9501281910.AA20923@snark.imsi.com>
UTC Datetime: 1995-01-28 20:27:31 UTC
Raw Date: Sat, 28 Jan 95 12:27:31 PST

Raw message

From: Jim Gillogly <jim@acm.org>
Date: Sat, 28 Jan 95 12:27:31 PST
To: cypherpunks@toad.com
Subject: Re: SHA Reference?
In-Reply-To: <9501281910.AA20923@snark.imsi.com>
Message-ID: <199501282027.MAA17185@mycroft.rand.org>
MIME-Version: 1.0
Content-Type: text/plain



> "Perry E. Metzger" <perry@imsi.com> writes:
> apparently also pre-correction. Anyone know the proper reference for
> the corrected text?

I append the latest reference I've seen, posted by Robert Perillo in Aug.
Check rand.org:pub/jim/sha.tar.gz for my latest C code.  An #ifdef will
select the broken or fixed versions.

	Jim Gillogly
	7 Solmath S.R. 1995, 20:25

----------------------------
Federal Register  07/11/94
Citation="59 FR 35317"

[Docket No. 940675-4175]
RIN 0693-AB33

Proposed Revision of Federal Information Processing Standard 
(FIPS) 180, Secure Hash Standard

AGENCY: National Institute of Standards and Technology (NIST), 
Commerce.

ACTION: Notice; Request for comments.

SUMMARY: A revision of Federal Information Processing Standard 
(FIPS) 180, Secure Hash Standard (SHS), is being proposed. This 
proposed revision corrects a technical flaw that made the standard 
less secure than had been thought. The algorithm is still reliable 
as a security mechanism, but the correction returns the SHS 
to the original level of security.

   The SHS produces a 160-bit output called a message digest 
for a message of any size. This message digest can be used with 
FIPS 186, Digital Signature Standard (DSS), to compute a signature 
for the message. The same message digest should be obtained 
by the verifier of the signature when the received version of 
the message is used as input to the Secure Hash Algorithm (SHA). 
--------------

         Proposed Modification of the Secure Hash Algorithm

In Section 7 of [1](page 9), the line which reads

    b) For t=16 to 79 let W(t) = W(t-3) XOR W(t-8) XOR W(t-14) XOR W(t-16).

is to be replaced by

    b) For t=16 to 79 let
                   W(t) = S1( W(t-3) XOR W(t-8) XOR W(t-14) XOR W(t-16) ).

where S1 is a left circular shift by one bit as defined
in Section 3 of [1](page 6), namely

S1(X) = (X<<1) V (X>>31).


ASCII translator's note: S1 is actually S superscript 1.
                         W(t-n) is actually W subscript t or t-n.



References:

    [1]  FIPS PUB 180; Secure Hash Standard
         Computer Systems Laboratory
         National Institute of Standards and Technology
         1993 May 11
_____________________________________________________________________
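The one-line change above is the whole difference between the original FIPS 180 algorithm (now usually called SHA-0) and the revised one (SHA-1). The following is an added example, not Jim Gillogly's C code from sha.tar.gz and not NIST's text: a compact Python implementation of the Secure Hash Algorithm in which a `fixed` flag plays the role of his #ifdef, selecting the original step b) or the corrected one with the S^1 rotation. It also shows why the rotation matters: with the unfixed schedule, a single-bit difference in a message word can only ever affect that same bit position in all 80 expanded words, because XOR alone never moves bits between positions. The all-zero 64-byte block used in that check is constructed here for illustration.

```python
"""SHA-0 / SHA-1 side by side. The only difference is the S^1 rotation in
the message schedule (FIPS 180 Section 7, step b). Added example, not code
from the posting or from the standard."""
import hashlib
import struct

MASK32 = 0xFFFFFFFF


def s(n, x):
    """S^n(X) = (X << n) OR (X >> 32-n): the circular left shift of Section 3."""
    return ((x << n) | (x >> (32 - n))) & MASK32


def pad(msg):
    """Append 0x80, zeros up to 56 mod 64 bytes, then the 64-bit big-endian bit length."""
    bit_len = len(msg) * 8
    msg += b"\x80"
    msg += b"\x00" * ((56 - len(msg)) % 64)
    return msg + struct.pack(">Q", bit_len)


def schedule(block, fixed):
    """Expand a 64-byte block to 80 words W(0..79).
    fixed=False: W(t) = W(t-3) XOR W(t-8) XOR W(t-14) XOR W(t-16)        (SHA-0)
    fixed=True:  W(t) = S1(W(t-3) XOR W(t-8) XOR W(t-14) XOR W(t-16))    (SHA-1)"""
    w = list(struct.unpack(">16I", block))
    for t in range(16, 80):
        x = w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16]
        w.append(s(1, x) if fixed else x)
    return w


def shs(msg, fixed=True):
    """Secure Hash Algorithm; returns the 160-bit digest as 40 hex characters."""
    h0, h1, h2, h3, h4 = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0
    data = pad(msg)
    for off in range(0, len(data), 64):
        w = schedule(data[off:off + 64], fixed)
        a, b, c, d, e = h0, h1, h2, h3, h4
        for t in range(80):
            if t < 20:
                f, k = (b & c) | (~b & d), 0x5A827999
            elif t < 40:
                f, k = b ^ c ^ d, 0x6ED9EBA1
            elif t < 60:
                f, k = (b & c) | (b & d) | (c & d), 0x8F1BBCDC
            else:
                f, k = b ^ c ^ d, 0xCA62C1D6
            temp = (s(5, a) + f + e + k + w[t]) & MASK32
            a, b, c, d, e = temp, a, s(30, b), c, d
        h0 = (h0 + a) & MASK32
        h1 = (h1 + b) & MASK32
        h2 = (h2 + c) & MASK32
        h3 = (h3 + d) & MASK32
        h4 = (h4 + e) & MASK32
    return struct.pack(">5I", h0, h1, h2, h3, h4).hex()


def sha0(msg):
    return shs(msg, fixed=False)


def sha1(msg):
    return shs(msg, fixed=True)


def matches_hashlib(msg):
    """Cross-check the fixed variant against the platform SHA-1."""
    return sha1(msg) == hashlib.sha1(msg).hexdigest()


def schedule_bits_touched(fixed):
    """Flip bit 0 of W(0) in a constructed all-zero block and report every bit
    position that differs anywhere in the 80-word schedule. Without the rotation
    the difference never leaves bit 0; with it, the rotation spreads it upward."""
    base = bytes(64)
    flipped = bytearray(base)
    flipped[3] = 0x01  # low-order bit of the first big-endian word
    touched = set()
    for x, y in zip(schedule(base, fixed), schedule(bytes(flipped), fixed)):
        diff = x ^ y
        touched.update(i for i in range(32) if (diff >> i) & 1)
    return touched


if __name__ == "__main__":
    print("SHA-0(abc) =", sha0(b"abc"))
    print("SHA-1(abc) =", sha1(b"abc"), "hashlib agrees:", matches_hashlib(b"abc"))
    print("bit positions disturbed, unfixed:", sorted(schedule_bits_touched(False)))
    print("bit positions disturbed, fixed:  ", sorted(schedule_bits_touched(True)))
```

The compression rounds, constants and initial values are identical in both variants, so the `fixed` flag in `schedule()` is the only place the two algorithms diverge. Running the script with and without the flag also gives the two digests one would need to tell a "broken" implementation from a corrected one, which was the practical problem when this notice appeared.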