What's the use of SHA on Non Digital Signature applications? Why is SHA1 not a risk for Non Digital Signature applications? What's the difference between Non Digital Signature applications vs. Digital Signature?
Asked
Active
Viewed 263 times
1 Answers
2
SHA1 can be used for error detecting just like CRC32, but with much stronger message integrity guarantee (though not as strong as SHA-256).
SHA1 can also be used for generating random bits. This can be done by instantiating NIST-SP-800-90Ar1 Hash_DRBG and HMAC_DRBG with SHA1 and HMAC-SHA1 respectively.
SHA1 can also be used in key derivation functions. PBKDF2 and HKDF can be instantiated from it.
The security requirement difference between digital signature and non digital signature application is that: the hash that directly process the input message must be collision resistant, which SHA1 can provides a maximum of 63-bit security due to its structural weakness; non digital signature applications often only require appearant randomess of the output.
DannyNiu
- 10,640
- 2
- 27
- 64