What are the differences between SHA1 and RSA? Are they just different algorithms or are they fundamentally(ie used for different things) different on some level.
+17
A:
Fundamentally different.
SHA1 is a hash algorithm, which is a one way function, turning an input of any size into a fixed-length output (128 bit in this case). A cryptographic hash function is one for which it should not be possible to find two inputs giving the same output except by brute force (for instance, with a 128-bit function you should need to try on average 2^64 message to find such a "collision" due to something called the birthday paradox - Google it for more).
In fact for SHA1 this is no longer the case - the algorithm is (in cryptographic terms at least) broken now, with a collision attack described by Xiaoyun Wang et al that beats a classic birthday attack. The SHA2 family is not broken, and a process is underway by NIST to agree on a SHA3 algorithm or family of algorithms.
RSA is an asymmetric encryption algorithm, encrypting an input into an output that can then be decrypted (contrast a hash algorithm which can't be reversed). It uses a different key for encryption (the public one) than for decryption (the private one). This can therefore be used to receive encrypted messages from others - you can publish your public key, but only you with the private key can then decrypt the messages that have been encrypted with it.
If you reverse the keys for RSA, it can be used to generate a digital signature - by encrypting something with your private key, anyone can decrypt it with the public key and, if they are sure the public key belongs to you, then they have confidence that you were the one who encrypted the original. This is normally done in conjunction with a hash function - you hash your input, then encrypt that with your private key, giving a digital signature of a fixed length for your input message.
David M
2009-04-09 10:50:54
"than for encryption (the private one)" .. You mean decryption? :P
cwap
2009-04-09 10:51:48
Yes, thanks. Typo fixed.
David M
2009-04-09 10:52:57
The problem with collision is traditionally called "birthday paradox", not "effect".
sharptooth
2009-04-09 10:57:45
Have heard it called both, but will edit. When applied to trying to find a collision on a hash function, use of this paradox or effect is then called a "birthday attack", which is the term I'm most familiar with of the three!
David M
2009-04-09 10:59:59
+2
A:
SHA1 is a hashing algorithm (Document and certification signing) while RSA is an encryption/decryption algorithm (Secure communications).
Spencer Ruport
2009-04-09 10:50:56
A:
The Secure Hash Algorithm (SHA) algorithm takes a message of less than 264 bits in length and produces a 160-bit message digest. The algorithm is slightly slower than MD5, but the larger message digest makes it more secure against brute-force collision and inversion attacks. The algorithm specified in the Secure Hash Standard (SHS, FIPS 180), was developed by NIST. SHA-1 is a revision to SHA that was published in 1994; the revision corrected an unpublished flaw in SHA. Its design is very similar to the MD4 family of hash functions developed by Rivest. SHA-1 is also described in the ANSI X9.30 standard.
RSA is an algorithm for public-key cryptography. It is the first algorithm known to be suitable for signing as well as encryption, and one of the first great advances in public key cryptography. RSA is widely used in electronic commerce protocols, and is believed to be secure given sufficiently long keys and the use of up-to-date implementations.
The most notable difference is that SHA is an encryption algorithm whereas RSA is both an encryption as well as signing algorithm.
On 8/16/2005 it was announced that it is possible to find a collision in SHA-1 in 2^63 operations. This research result is due to Professor Xiaoyun Wang of Tsinghua University in Beijing, together with Professors Andrew Yao and Frances Yao. It extends the work of Wang, Yin, and Yu, which demonstrated that a collision could be found in 2^69 operations. What that means is that it is easier for a collision to occur in SHA than in RSA - but notably, no two similar keys have ever been found that collided.
Sandy
2009-04-09 10:57:26
SHA is NOT an encryption algorithm. It is a hash algorithm. These are different beasts.
David M
2009-04-09 11:01:52
+1
A:
SHA1 is a cryptographic hash function, whereas RSA is an algorithm for encryption.
A hash function takes a piece of data and return a string of fixed length. In a cryptographic hash function all return strings have the same probability. Given only the hash number you can't determine the input, nor can you find another input that gives the same hash (excpetion with a very very small probability). Sha1 has some security flaws.
An algorithm for encryption gives takes a piece of data, but the output is not of fixed length - your encryption. Given the output (the encryption) you can (if you have the right keys) determine the input.
AnnaR
2009-04-09 10:58:41
+1
A:
As others have commented, they are fundamentally different things serving different functions. You use RSA to scramble information into a seemingly random form, while you use SHA1 to ensure the integrity of the message (i.e. none of the bits have changed). In a security application, you will use one or both, depending on what functionality you need.
sybreon
2009-04-09 11:12:58