I have been educating myself recently about the SHA-2 hashing algorithm, and in

Question

I have been educating myself recently about the SHA-2 hashing algorithm, and in the midst of this pursuit, I've encountered a question:

This algorithm uses a set of constant hexadecimal values, derived from the cube root of prime numbers, as a starting point for the process. Because these values can be known to anyone, does this not open some level of vulnerability to the hashed values? Would it not be better to use a set of less predictable values?

I don't know a great deal about cryptography, so forgive me if this question is silly in some way I do not understand, but I am very curious about the answer.

Explanation / Answer

Actually, there aren't any "unpredictable values".

SHA-2 is a hash function (actually, it's a family of 6 hash functions; we'll ignore that point for now); a hash function is designed so that anyone can compute it.

One use of a hash function is during signature generation and verification; typically, the signer takes the message, and hashes it, and then applies the signature operation to the hash. Then, the verifier takes the message, hashes it, and then verifies the hash against the signature. If the verifier could not compute this hash, he could not verify that the signature corresponded to this message.

Because of this, the entire specification of SHA-2 must be made public, so that the verifier (and anyone else) can compute it. That is, any internal table values must also be public, because they are needed to compute the hash function.

Because we're going to tell everyone what the values are, they aren't, in any sense, unpredictable.

Related Questions

Navigate

• Browse (All)
• Browse I
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.