Aloha!
(Answering my own mail, nice. ;-)
Joachim Strömbergson wrote:
> (4) I think I'm going to ask on the SHA-3 maillist (hosted by NIST) if John Kelsey & Co can provide an explanation for the H0-constants used in SHA-224 and SHA-1 in the same way as for SHA-256, SHA-512 etc. It really is a bit peculiar that they don't.
I've done this and got a response from Thomas Pornin. The problem with FIPS 180 (including the latest version 180-4) is that the H0 values for SHA-1 and SHA-224 lack a stated explanation. Something that exists in the document for SHA-256, SHA-384 etc.
For SHA-1 the H0 constants are a simple sequence pattern and according to Thomas actually come from MD5. Looking at the pattern it is quite clear that it is in fact a big endian sequence:
(From sha1.c in Nettle):
  /* SHA initial values */
  0x67452301L,
  0xEFCDAB89L,
  0x98BADCFEL,
  0x10325476L,
  0xC3D2E1F0L,
Reading the bytes backwards and right-left it is 0..F and then a down-up pattern with high nybble going down and low nybble going up.
The H0-values for SHA-224 are actually the low 32 bits of the H0-values for SHA-384. An easy comparison between the values in chapter 5.3.4 of FIPS 180-4 and chapter 5.3.2 makes it obvious. And for SHA-384 NIST in chapter 5.3.4 states:
"These words were obtained by taking the first sixty-four bits of the fractional parts of the square roots of the ninth through sixteenth prime numbers."
We should therefore be able to update the shadata program to generate the SHA-224 constants.
Suggestion: Change the comments in sha256.c (for sha224) to point to the origin of the constants. And also add a short comment in sha1.c and md5.c that the constants are simple patterns.
According to Thomas the sequence pattern in md5 was chosen by Rivest quite arbitrarily.
--
Kind regards, Yours

Joachim Strömbergson - Always in harmonic oscillation.
========================================================================
 Joachim Strömbergson          Secworks AB          joachim@secworks.se
========================================================================
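
The derivation described in the mail above, as an added example that is not part of the original message and is not code from Nettle or its shadata program. It uses exact integer square roots to regenerate the SHA-384 H0 words, takes their low 32 bits for SHA-224, and rebuilds the SHA-1 words from the nibble pattern; all function names are hypothetical.

```python
from math import isqrt

def primes(n):
    """Return the first n primes (trial division is plenty for n = 16)."""
    found, c = [], 2
    while len(found) < n:
        if all(c % p for p in found):
            found.append(c)
        c += 1
    return found

def sqrt_frac_bits(p, bits=64):
    """First `bits` bits of the fractional part of sqrt(p), computed exactly.

    isqrt(p << 2*bits) equals floor(sqrt(p) * 2**bits); masking off the
    integer part leaves the truncated fractional bits, with no rounding.
    """
    return isqrt(p << (2 * bits)) & ((1 << bits) - 1)

def sha384_h0():
    # FIPS 180-4, 5.3.4: ninth through sixteenth primes (23 .. 53).
    return [sqrt_frac_bits(p) for p in primes(16)[8:]]

def sha224_h0():
    # The observation from the mail: low 32 bits of each SHA-384 H0 word.
    return [h & 0xFFFFFFFF for h in sha384_h0()]

def sha1_h0():
    up = list(range(16))                   # nibbles 0..F
    down = up[::-1]                        # nibbles F..0
    nibbles = up + down                    # first four words (shared with MD5)
    for hi, lo in zip(down[:4], up[:4]):   # fifth word: high down, low up
        nibbles += [hi, lo]
    data = bytes((nibbles[i] << 4) | nibbles[i + 1] for i in range(0, 40, 2))
    # Each 32-bit word stores its four pattern bytes least significant first,
    # so reading a word's bytes backwards recovers the sequence.
    return [int.from_bytes(data[i:i + 4], "little") for i in range(0, 20, 4)]

if __name__ == "__main__":
    for name, words, width in (("SHA-1", sha1_h0(), 8),
                               ("SHA-224", sha224_h0(), 8),
                               ("SHA-384", sha384_h0(), 16)):
        print(name, " ".join(f"{w:0{width}x}" for w in words))
```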