Encryption - SAH-2

SHA-2 is an advanced, Cryptographic Hash Function that was initiated to correct flaws in its predecessor, SHA-1. The security flaws where identified in 2005 involving mathematical weakness in the hash function. The SHA cryptographic algorithms where designed in 2001 by the NSA (National Security Agency) and published in 2001 by the NIST. The original publication was as a Federal Information Processing Standard for the US government.

SHA-2 consists of four separate hash functions, each of which operates with four different digest sizes, 224, 256,384 and 512. The digest size is a function of the strength of the encryption. This family of encryption algorithms is mandated for use by the federal government in a number of applications such as the encryption of sensitive unclassified information or the encryption of data transmitted within other cryptographic systems.

Upon adoption of the stronger SHA-2 system, the SHA-1 system was retired out of government service. SHA-1 is used in several widely used security protocols such as TLS, SSL, IPsec and others. In the case of these particular systems, SHA-1 forms a part of the main function of the system dealing with data integrity. SHA-2 is also used in the same security systems as SHA-1 but is dependent on the age of the implementation.

When SHA-1 is retired, sometimes in 2010, SHA-2 will be the new standard and it will be required by all now using SHA-1 to implement as fully as possible the new system. This means that all government applications and systems still using the SHA-1 system must migrate to SHA-2. The commercial adoption of SHA-2 has been limited in spite of its superior security.

Some of the reasons for the limitations include the fact that there is no support for these systems because they are versions of certain operating systems, which are no longer being supported. Advanced SHA-2 is not supported in these operating systems and in many cases, the lack of demonstrated collisions found. Collisions are security flaws in the system. Additionally, SHA-3 is currently under development and is slated to be certified in 2012. As a result, many commercial applications and vendors are waiting as long as they can to switch, or at least until the new standard is released.

SHA-2 bears little resemblance to its predecessor, SHA-1. In the same manner, SHA-3 is not being derived from SHA-2. It is a significantly stronger, more flexible system but is not expected to reach widespread adoption until at least 2015. Currently there are 14 separate submissions before the selection committee and they are all in round two from which the winner will be announced in 2012 by the NIST. The competition is an open competition held by various vendors to select the encryption systems that will form SHA-3. This is the same type of public competition that has led to the development of AES.

 If you are looking to insure your house in the UK you could do far worse than buy churchill home insurance or direct line home insurance!

Copyright Devon Institute 2006 All Rights Reserved