SHA-2 - Secure Hash Algorithms

The SHA (Secure Hash Algorithm) family is a set of related cryptographic hash functions developed by the NSA and standardized by NIST.

This standard specifies four secure hash algorithms, SHA-1, SHA-256, SHA-384, and SHA-512. All four of the algorithms are iterative, one-way hash functions that can process a message to produce a condensed representation called a message digest. These algorithms enable the determination of a message’s integrity: any change to the message will, with a very high probability, result in a different message digest. This property is useful in the generation and verification of digital signatures and message authentication codes, and in the generation of random numbers.

Each algorithm can be described in two stages: preprocessing and hash computation. Preprocessing involves padding a message, parsing the padded message into m-bit blocks, and setting initialization values to be used in the hash computation. The hash computation generates a message schedule from the padded message and uses that schedule, along with functions, constants, and word operations to iteratively generate a series of hash values. The final hash value generated by the hash computation is used to determine the message digest.

[Figure: SHA-256. Diagram of the iterated hash function structure. From A Cryptographic Compendium by John Savard.]

[Figure: SHA-256. Diagram of the compression function. From A Cryptographic Compendium by John Savard.]

Notes on Clipperz’s implementation

In order to obtain the 128-bit security level and eliminate some weaknesses due to the iterative nature of the SHA family, the hash function used throughout Clipperz is

  • SHAd-256(m) = SHA-256(SHA-256(m))

where SHA-256 is the member of the SHA family with a 256-bit output and m is an arbitrary length message.

This solution is computationally more expensive (two hash computations instead of one), but it solves both the length extension problem and the partial-message collision issue that afflict the plain, single-pass SHA algorithms.