On Mon, May 14, 2007 at 01:23:13PM -0500, Andrew Berg wrote: > Sven Radde wrote: > > unless you can calculate SHA-1 values in your head... > I know it's off topic, but how hard would that be? I've never looked > over the algorithm.
As someone who has just implemented a hardware SHA-1/256 engine, "hard enough". For a piece of hardware, it's pretty simple - just lots and lots of shifts, rotates, XORs and modulo addition. The operations are not difficult to do, but you have to do them repeatedly. Realistically, you'd need a pen and paper (unless you're one of these people with incredible mathematical brainpower), and I'd guess that it'd take the average "clued up" person (i.e. someone who knows what XOR, modulo addition, etc. is) about half an hour for a small block of data. For SHA-1, you need to store five working variables (all 32-bit), plus a message schedule of sixteen 32-bit numbers. For each 64 bytes of input message, you need to do 80 iterations of the loop, each iteration contains 1 x 5-way addition, plus a two or 3-way XOR, plus some ANDing and inversion on some of the iterations. For SHA256, you've got eight working variables, and you only have 64 loop iterations per 64 bytes of data, but the operations in the loop are much more complicated. If you want more info, FIPS180-2 is the document you're after. -- David Smith | Tel: +44 (0)1454 462380 Home: +44 (0)1454 616963 STMicroelectronics | Fax: +44 (0)1454 462305 Mobile: +44 (0)7932 642724 1000 Aztec West | TINA: 065 2380 GPG Key: 0xF13192F2 Almondsbury | Work Email: [EMAIL PROTECTED] BRISTOL, BS32 4SQ | Home Email: [EMAIL PROTECTED] _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users