Packetizer Logo
 

Secure Hashing Algorithm (SHA-1)

A C and C++ Reference Implementation

The Secure Hash Standard (SHS) defines the "Secure Hashing Algorithm" (SHA) family of hashing functions, namely SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512. This page focuses exclusively on SHA-1.

SHA-1 can be used to produce a hash or message digest for a given message that is 160 bits in length. It is effectively a fingerprint that can uniquely represent some input data (file, text, etc), as no two messages would likely share the same message digest. SHA-1 is used by Digital Signature Standard (DSS), which is a standard used for digitally signing documents or other data.

It should be noted that NIST no longer recommends use of SHA-1 for security applications. It has been officially retired as of 2022. However, that doesn't mean that SHA-1 has no utility. If the purpose one has is to uniquely identify some data, SHA-1 can still serve that purpose. As one example, the popular source code control software "git" uses SHA-1 to identify source code commits. However, if the purpose is for security, one should use SHA-224, SHA-256, SHA-384, SHA-512, or the SHA-3 family of hashing functions.

From this page, you can download C++ and the C the implementations of SHA-1. This is the same source base from which the code in RFC 3174 was based. While the RFC has remained static, this code base has been modified (ever so slightly) and any reported bug fixes will be put into this source repository. (To date, none have been reported, though the code has been used widely.)

Along with the class that implements the SHA-1 algorithm, there are also utilities to produce fingerprints of files, compare files based on fingerprints, and exercise the class itself.

All downloads include the utilities "sha" and "shacmp" for displaying fingerprints of files (sha) and also comparing the fingerprints of two files (shacmp).

The fingerprint for the C++ (sha1.zip) file is: DA58FA3C 0501283F 09385A91 2C844B1B 82AFEF34

The fingerprint for the C (sha1-c.zip) file is: 43A368A6 4FEEF833 9CCF389A 5CE9F1B4 C5D5637A

Windows binaries are in the sha1_windows.zip file. The fingerprint is for that file is: 2FED8316 1FC9F7C3 ECD88DBE F0DD75AD F103AA44

Finally, we should point out that this is not an optimized version of the SHA-1 algorithm. It is written so that the algorithm can be easily compared against the FIPS document. No effort has been made to improve performance in any way. The most significant advantage of the code found here is that it is entirely free and may be used in commercial products without a fee.

If you wish to have optimized versions of SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512, Terrapane offers those as commercial libraries with a generous royalty-free license.