Skip to content

Latest commit

 

History

History
 
 

sha1-checked

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

RustCrypto: SHA-1 Checked

crate Docs Apache2/MIT licensed Rust Version Project Chat Build Status

Pure Rust implementation of the SHA-1 cryptographic hash algorithm with collision detection.

🚨 Warning: Cryptographically Broken! 🚨

The SHA-1 hash function should be considered cryptographically broken and unsuitable for further use in any security critical capacity, as it is practically vulnerable to chosen-prefix collisions.

But, this crate provides the detection algorithm pioneered by git, to detect hash collisions when they occur and prevent them. The paper has more details on how this works.

This implementation will be slower to use than the pure SHA-1 implementation, as it has to do more computations and it can not rely on hardware acceleration available on some CPUs.

Examples

One-shot API

use hex_literal::hex;
use sha1_checked::Sha1;

let result = Sha1::try_digest(b"hello world");
assert_eq!(result.hash().as_ref(), hex!("2aae6c35c94fcfb415dbe95f408b9ce91ee846ed"));
assert!(!result.has_collision());

// Hex-encode hash using https://docs.rs/base16ct
let hex_hash = base16ct::lower::encode_string(result.hash().as_ref());
assert_eq!(hex_hash, "2aae6c35c94fcfb415dbe95f408b9ce91ee846ed");

Incremental API

use hex_literal::hex;
use sha1_checked::{Sha1, Digest};

let mut hasher = Sha1::new();
hasher.update(b"hello world");
let result = hasher.try_finalize();

assert_eq!(result.hash().as_ref(), hex!("2aae6c35c94fcfb415dbe95f408b9ce91ee846ed"));
assert!(!result.has_collision());

Also, see the examples section in the RustCrypto/hashes readme.

Minimum Supported Rust Version

Rust 1.72 or higher.

Minimum supported Rust version can be changed in the future, but it will be done with a minor version bump.

SemVer Policy

  • All on-by-default features of this library are covered by SemVer
  • MSRV is considered exempt from SemVer as noted above

License

The crate is licensed under either of:

at your option.

Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.