From: Jim Gillogly <jim@acm.org>
To: cypherpunks@toad.com
Message Hash: 441dd56952b872906f45893b4fc37396c0c034a921d136123e2a031c5690dcc0
Message ID: <199501282027.MAA17185@mycroft.rand.org>
Reply To: <9501281910.AA20923@snark.imsi.com>
UTC Datetime: 1995-01-28 20:27:31 UTC
Raw Date: Sat, 28 Jan 95 12:27:31 PST
From: Jim Gillogly <jim@acm.org>
Date: Sat, 28 Jan 95 12:27:31 PST
To: cypherpunks@toad.com
Subject: Re: SHA Reference?
In-Reply-To: <9501281910.AA20923@snark.imsi.com>
Message-ID: <199501282027.MAA17185@mycroft.rand.org>
MIME-Version: 1.0
Content-Type: text/plain
> "Perry E. Metzger" <perry@imsi.com> writes:
> apparently also pre-correction. Anyone know the proper reference for
> the corrected text?
I append the latest reference I've seen, posted by Robert Perillo in Aug.
Check rand.org:pub/jim/sha.tar.gz for my latest C code. An #ifdef will
select the broken or fixed versions.
Jim Gillogly
7 Solmath S.R. 1995, 20:25
----------------------------
Federal Register 07/11/94
Citation="59 FR 35317"
[Docket No. 940675-4175]
RIN 0693-AB33
Proposed Revision of Federal Information Processing Standard
(FIPS) 180, Secure Hash Standard
AGENCY: National Institute of Standards and Technology (NIST),
Commerce.
ACTION: Notice; Request for comments.
SUMMARY: A revision of Federal Information Processing Standard
(FIPS) 180, Secure Hash Standard (SHS), is being proposed. This
proposed revision corrects a technical flaw that made the standard
less secure than had been thought. The algorithm is still reliable
as a security mechanism, but the correction returns the SHS
to the original level of security.
The SHS produces a 160-bit output called a message digest
for a message of any size. This message digest can be used with
FIPS 186, Digital Signature Standard (DSS), to compute a signature
for the message. The same message digest should be obtained
by the verifier of the signature when the received version of
the message is used as input to the Secure Hash Algorithm (SHA).
--------------
Proposed Modification of the Secure Hash Algorithm
In Section 7 of [1](page 9), the line which reads
b) For t=16 to 79 let W(t) = W(t-3) XOR W(t-8) XOR W(t-14) XOR W(t-16).
is to be replaced by
b) For t=16 to 79 let
W(t) = S1( W(t-3) XOR W(t-8) XOR W(t-14) XOR W(t-16) ).
where S1 is a left circular shift by one bit as defined
in Section 3 of [1](page 6), namely
S1(X) = (X<<1) V (X>>31).
ASCII translator's note : S1 is actually, S superscript 1.
W(t-n) is actually, W subscript, t or t-n.
References:
[1] FIPS PUB 180; Secure Hash Standard
Computer Systems Laboratory
National Institute of Standards and Technology
1993 May 11
_____________________________________________________________________
Return to January 1995
Return to “Robert Rothenberg <rrothenb@ic.sunysb.edu>”