Using sha256 instead of sha1

Projects Programming
1

Hi everybody,

this question is invoked by this topic

but focuses on a certain aspect that is - somehow - more general.
This is the reason why I decided to post it as its own thread.
@moderators: I'm aware of the rule of not crossposting. This question is generalised and this is the reason why I see it not as a cross-posting.

I'm using a code that uses sha1-encryption like this:

	_byteArray[0] = 0x00;
	_byteArray[1] = 0x00;
	_byteArray[2] = 0x00;
	_byteArray[3] = 0x00;
	_byteArray[4] = (int)((steps >> 24) & 0xFF);
	_byteArray[5] = (int)((steps >> 16) & 0xFF);
	_byteArray[6] = (int)((steps >> 8) & 0XFF);
	_byteArray[7] = (int)((steps & 0XFF));
	
	// STEP 1, get the HMAC-SHA1 hash from counter and key
	Sha1.initHmac(_hmacKey, _keyLength);
	Sha1.write(_byteArray, 8);
	_hash = Sha1.resultHmac();

in the completed code the results are wrong. So as a quick guess I want to test if the results become right if I use sha256 instead.

If I search my arduino-folders for sha256.h I get listed a lot of different sha256.h-files.

I don't know anything about sha1 / sha256-encryption yet. I'm completely lost which one to use.

@the sha-specialists: What additional information do you need to make a suggestion which sha256.h-library I can use to switch from sha1 to sha256?

best regards Stefan

2

FYI, SHAx is not an encryption algorithm, but rather a hashing algorithm. The output of hashing is a message that can't be converted back to the original message, unlike encryption, where an encrypted message can be decrypted back with the correct keys.

3

Hi hz,

thank you for clearing up this.
I read some intructional material about google-authenticator and learned they still use sha1 (which is the 160bit hash)
best regards Stefan

4

sha1 has just 160 bits. i don't believe you can recreate the original data from a hashing function especially when the hash value has fewer bits that the original data.

and of course other data sets can produce the same sha value, similar to checksums

5

If you were using an STM32L4+ MCU, I have low-level driver code for the hardware MD5/SHA peripheral in those MCU...

6

@gcjr and @hzrnbgy ,

thank you for taking time to post. I came to the conclusion that changing from sha1 to sha256 is not suitable in this case. In addition this means my initial question which sha256-library is easy to use and independant of other libraries = standalone usable has become obsolete.

best regards Stefan

7

This topic was automatically closed 120 days after the last reply. New replies are no longer allowed.