This page uses content from Wikipedia and is licensed under CC BYSA.
Secure Hash Algorithm  

Concepts  
hash functions · SHA · DSA  
Main standards  
SHA0 · SHA1 · SHA2 · SHA3


The Secure Hash Algorithms are a family of cryptographic hash functions published by the National Institute of Standards and Technology (NIST) as a U.S. Federal Information Processing Standard (FIPS), including:
The corresponding standards are FIPS PUB 180 (original SHA), FIPS PUB 1801 (SHA1), FIPS PUB 1802 (SHA1, SHA256, SHA384, and SHA512). NIST has updated Draft FIPS Publication 202, SHA3 Standard separate from the Secure Hash Standard (SHS).
In the table below, internal state means the "internal hash sum" after each compression of a data block.
Algorithm and variant  Output size (bits) 
Internal state size (bits) 
Block size (bits) 
Max message size (bits) 
Rounds  Operations  Security bits (Info) 
Capacity against length extension attacks 
Performance on Skylake (median cpb)^{[1]}  First Published  

long messages  8 bytes  
MD5 (as reference)  128  128 (4 × 32) 
512  Unlimited^{[2]}  64  And, Xor, Rot, Add (mod 2^{32}), Or  <64 (collisions found) 
0  4.99  55.00  1992  
SHA0  160  160 (5 × 32) 
512  2^{64} − 1  80  And, Xor, Rot, Add (mod 2^{32}), Or  <34 (collisions found) 
0  ≈ SHA1  ≈ SHA1  1993  
SHA1  <63 (collisions found^{[3]}) 
3.47  52.00  1995  
SHA2  SHA224 SHA256 
224 256 
256 (8 × 32) 
512  2^{64} − 1  64  And, Xor, Rot, Add (mod 2^{32}), Or, Shr  112 128 
32 0 
7.62 7.63 
84.50 85.25 
2001 
SHA384 SHA512 
384 512 
512 (8 × 64) 
1024  2^{128} − 1  80  And, Xor, Rot, Add (mod 2^{64}), Or, Shr  192 256 
128 (≤ 384) 0 
5.12 5.06 
135.75 135.50 

SHA512/224 SHA512/256 
224 256 
112 128 
288 256 
≈ SHA384  ≈ SHA384  
SHA3  SHA3224 SHA3256 SHA3384 SHA3512 
224 256 384 512 
1600 (5 × 5 × 64) 
1152 1088 832 576 
Unlimited^{[4]}  24^{[5]}  And, Xor, Rot, Not  112 128 192 256 
448 512 768 1024 
8.12 8.59 11.06 15.88 
154.25 155.50 164.00 164.00 
2015 
SHAKE128 SHAKE256 
d (arbitrary) d (arbitrary) 
1344 1088 
min(d/2, 128) min(d/2, 256) 
256 512 
7.08 8.59 
155.25 155.50 
All SHAfamily algorithms, the FIPSapproved security functions, are subject to official validation at the CMVP, a joint program (Cryptographic Module Validation Program) run by the American's National Institute of Standards and Technology (NIST) and the Canadian's Communications Security Establishment (CSE).
In the unlikely event that b is greater than 2^64, then only the loworder 64 bits of b are used.