Template:Comparison of SHA functions
| Algorithm and variant | Output size (bits) |
Internal state size (bits) |
Block size (bits) |
Rounds | Operations | Security against collision attacks (bits) |
Security against length extension attacks (bits) |
Performance on Skylake (median cpb)[1] | First published | ||
|---|---|---|---|---|---|---|---|---|---|---|---|
| Long messages | 8 bytes | ||||||||||
| MD5 (as reference) | 128 | 128 (4 × 32) |
512 | 64 | And, Xor, Rot, Add (mod 232), Or | ≤ 18 (collisions found)[2] |
0 | 4.99 | 55.00 | 1992 | |
| SHA-0 | 160 | 160 (5 × 32) |
512 | 80 | And, Xor, Rot, Add (mod 232), Or | < 34 (collisions found) |
0 | ≈ SHA-1 | ≈ SHA-1 | 1993 | |
| SHA-1 | < 63 (collisions found)[3] |
3.47 | 52.00 | 1995 | |||||||
| SHA-2 | SHA-224 SHA-256 |
224 256 |
256 (8 × 32) |
512 | 64 | And, Xor, Rot, Add (mod 232), Or, Shr | 112 128 |
32 0 |
7.62 7.63 |
84.50 85.25 |
2004 2001 |
| SHA-384 SHA-512 |
384 512 |
512 (8 × 64) |
1024 | 80 | And, Xor, Rot, Add (mod 264), Or, Shr | 192 256 |
128 (≤ 384) 0[4] |
5.12 5.06 |
135.75 135.50 |
2001 | |
| SHA-512/224 SHA-512/256 |
224 256 |
112 128 |
288 256 |
≈ SHA-384 | ≈ SHA-384 | 2012 | |||||
| SHA-3 | SHA3-224 SHA3-256 SHA3-384 SHA3-512 |
224 | |||||||||
- ^ "Measurements table". bench.cr.yp.to.
- ^ Tao, Xie; Liu, Fanbao; Feng, Dengguo (2013). Fast Collision Attack on MD5 (PDF). Cryptology ePrint Archive (Technical report). IACR.
- ^ Stevens, Marc; Bursztein, Elie; Karpman, Pierre; Albertini, Ange; Markov, Yarik. The first collision for full SHA-1 (PDF) (Technical report). Google Research.
{{cite tech report}}: External link in|lay-url=|lay-date=ignored (help); Unknown parameter|lay-source=ignored (help); Unknown parameter|lay-url=ignored (help) - ^ Without truncation, the full internal state of the hash function is known, regardless of collision resistance. If the output is truncated, the removed part of the state must be searched for and found before the hash function can be resumed, allowing the attack to proceed.