
SSL encryption, SHA-1 and SHA-2


I am trying to implement SHA-2 encryption instead of SHA-1.

For this, I know that the number of bits between these two hash algorithms are different, and it confuses me.

How can this be achieved and at what parts do I need to make required changes?

I can use any open source library from Java, Python and any other major programming language.


Solution

  • First of all, neither SHA-1 nor anything related to SHA-2 is an "encryption" algorithm. They are hash functions. In SSL, hash functions are used mostly for integrity, not confidentiality, through the HMAC construction. A hash function takes an input of arbitrary length, and produces an output with a fixed length, which is a kind of "digest" of the input data; the operation is meant not to be reversible.

    A hash function is "public": there is no confidential data, no key; everybody can compute the hash function output on any given input. A "message authentication code" (MAC) is a kind of "keyed hash": a secret key (i.e. an arbitrary bunch of bits) is also input in the process, so that knowledge of the key is necessary to (re-)compute the MAC output. This is used for integrity checks (the sender uses the key to compute the MAC, the receiver uses the key to recompute the MAC; if the MAC matches, then the data is correct, because an attacker, not knowing the key, could not have altered the data and computed a valid MAC on the altered data).

    HMAC is a construction which turns a hash function (such as SHA-1) into a MAC. TLS (that's the current, standard name of SSL) uses HMAC. The output of HMAC, when used with a given hash function h, has the same size as the output of h. That output can be conventionally truncated: HMAC/SHA-1 nominally produces a 160-bit output, but it is customary, in some protocols, to keep only the first 96 bits. Such truncation does not occur in SSL.

    The FIPS 180-3 standard defines five hash functions, named SHA-1, SHA-224, SHA-256, SHA-384 and SHA-512, with output lengths of 160, 224, 256, 384 and 512 bits respectively. The SHA-224, SHA-256, SHA-384 and SHA-512 functions are colloquially known as "SHA-2", so "SHA-2" is not one function, but a family of four hash functions.

    The TLS specification defines cipher suites. A cipher suite is a set of cryptographic algorithms that the client and server agree upon during the initial phase of the connection (the "handshake"). Among the algorithms is the MAC to use to ensure data integrity. Some of the standard cipher suites specify that the MAC shall be "HMAC with SHA-256", i.e. something which uses one of the SHA-2 functions.

    So the answer to your question is: "just configure the client and server to use one of the cipher suites with HMAC/SHA-256". If your SSL implementation does not support such cipher suites, then you will have to modify it, which will entail understanding quite thoroughly how SSL works; reading and understanding the complete RFC 5246 will be necessary.
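As an added illustration (not part of the question or the answer above), the following standard-library Python makes the size difference between SHA-1 and SHA-256 concrete, shows HMAC with and without the 96-bit truncation the answer mentions, and builds a TLS client context restricted to the HMAC/SHA-256 cipher suites the answer recommends. The key and message are constructed samples, and the OpenSSL cipher-suite names are assumed to be enabled in the local OpenSSL build.

```python
import hashlib
import hmac
import ssl

# Constructed sample key and message; not taken from any real protocol run.
KEY = b"shared-secret-key"
MSG = b"record payload"


def digest_bits(hash_name, data):
    """Output length of a hash function in bits: 160 for SHA-1, 256 for SHA-256."""
    return hashlib.new(hash_name, data).digest_size * 8


def compute_mac(hash_name, key, data, keep_bits=None):
    """HMAC over `data` with the named hash. The tag is as long as the hash output;
    some protocols keep only a prefix (e.g. HMAC-SHA1 cut to 96 bits), TLS does not."""
    tag = hmac.new(key, data, hash_name).digest()
    return tag if keep_bits is None else tag[: keep_bits // 8]


def verify_mac(hash_name, key, data, tag, keep_bits=None):
    """Receiver side: recompute the tag with the shared key and compare in constant time."""
    return hmac.compare_digest(compute_mac(hash_name, key, data, keep_bits), tag)


def sha256_mac_context():
    """Client context limited to TLS 1.2 suites whose MAC is HMAC/SHA-256.
    Suite names are OpenSSL's and are assumed to be enabled in the local build."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2  # TLS 1.3 suites are AEAD-only, no HMAC
    ctx.set_ciphers(
        "ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:"
        "DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:"
        "AES128-SHA256:AES256-SHA256"
    )
    return ctx


def negotiable_macs(ctx):
    """Distinct MAC hash names the context can still offer (lowercase OpenSSL names)."""
    return sorted({c["digest"].lower() for c in ctx.get_ciphers() if c["digest"]})


if __name__ == "__main__":
    print(digest_bits("sha1", MSG), digest_bits("sha256", MSG))  # 160 256
    print(len(compute_mac("sha1", KEY, MSG)), len(compute_mac("sha256", KEY, MSG)))  # 20 32
    print(negotiable_macs(sha256_mac_context()))  # ['sha256']
```

Pass the context to `ssl.SSLContext.wrap_socket` on the client; the server must likewise be configured to accept at least one of these suites or the handshake fails.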