SHA: Secure Hash Algorithm Explained - CCIE Security Exam (400-251) Answers

# Secure Hash Algorithm (SHA): Key Concepts - CCIE Security Exam (400-251) Answers

### Question

Which two statements about SHA are correct? (Choose two.)

### Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

AC.

SHA (Secure Hash Algorithm) is a cryptographic hash function that is used to produce a fixed-length message digest from an input message of variable length. The message digest is typically used for digital signatures, message authentication codes (MACs), and other applications where data integrity and authenticity are important.

Here are the correct statements about SHA:

B. The message is split into 64-bit blocks for processing.

The input message is divided into 512-bit blocks and then divided into 16 32-bit words. These words are then processed through 64 rounds of operations that include bitwise operations, logical operations, and modular arithmetic. The result of each round is a 32-bit word, and the final output is a 160-bit hash value. Therefore, option B is incorrect.

C. The message is split into 512-bit blocks for processing.

This is the correct statement. The input message is split into 512-bit blocks, and each block is processed independently. This means that the SHA algorithm can handle messages of any length, up to 2^64 bits. The blocks are then processed through 80 rounds of operations to produce the 160-bit hash value. Therefore, option C is correct.

A. Five 32-bit variables are applied to the message to produce the 160-bit hash.

This statement is incorrect. The SHA-1 algorithm uses five 32-bit variables, called a, b, c, d, and e, to compute the hash value, but these variables are not applied directly to the input message. Instead, they are used in a series of operations that involve the input message and various constants. Therefore, option A is incorrect.

D. SHA-2 and MD5 both consist of four rounds of processing.

This statement is incorrect. SHA-2 and MD5 are both cryptographic hash functions, but they have different designs and use different numbers of rounds. MD5 uses four rounds of processing, while SHA-2 uses either 64 or 80 rounds, depending on the specific variant of the algorithm. Therefore, option D is incorrect.

In summary, the correct statements about SHA are:

• The message is split into 512-bit blocks for processing.
• Five 32-bit variables are used to compute the hash value in SHA-1, but they are not applied directly to the input message.