stackoom
  简体   繁体   中英

What specific hash algorithm does MessageDigest.getInstance(“SHA”) return?

 原文  2013-02-15 21:23:48       java/ cryptography/ undefined-behavior

Question

MessageDigest.getInstance("SHA") seems to work and gives me a MessageDigest , but I can't tell what algorithm it's giving me.

Is it SHA-1 or SHA-0 or ..?

I'm not interested in what happens on my machine. I want to know whether it will return sha0 or sha1 for all valid implementations of Java (or it's undefined).

2 answers

solution1
 25 ACCPTED  2013-02-15 22:55:52

The JCE Specification lists standard names that an implementation is expected to support. "SHA-1" is specified, as are SHA-256, SHA-384, and SHA-512. "SHA", "SHA-0" and SHA-2" are not standard names and therefore may not be supported at all. You cannot guarantee what "SHA" will return, if anything at all, because it is not in the standard.

solution2
 17  2013-02-15 21:35:46

SHA-0 is obsolete. For use with the Java JCE MessageDigest, SHA == SHA-1 for some JCE providers. By the way, SHA-1 is not considered to be secure with today's computers and technology. SHA-512 is still secure for pretty much anything. SHA-256 is ok for most things, still.

You can list the protocols available in the Java version you are using with this code. (I got it here ): 

import java.security.Provider;
import java.security.Security;

public class JceLook {

    public static void main(String[] args) {
        System.out.println("Algorithms Supported in this JCE.");
        System.out.println("====================");
        // heading
        System.out.println("Provider: type.algorithm -> className" + "\n  aliases:" + "\n  attributes:\n");
        // discover providers
        Provider[] providers = Security.getProviders();
        for (Provider provider : providers) {
            System.out.println("<><><>" + provider + "<><><>\n");
            // discover services of each provider
            for (Provider.Service service : provider.getServices()) {
                System.out.println(service);
            }
            System.out.println();
        }
    }
}

It will show information like this for all the various algorithms available. (Note that this is actual output from the program above for some update level of Oracle/Sun Java 6 and it shows that SHA is equivalent to SHA-1 and SHA1. You can pass any of the three strings to MessageDigest and get the same result. But this depends on the Cryptography Provider (the JCE) and might not be the same.) 

SUN: MessageDigest.SHA -> sun.security.provider.SHA
  aliases: [SHA-1, SHA1]
  attributes: {ImplementedIn=Software}

If you load additional providers (eg BouncyCastle) it will show those too.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question MessageDigest.getInstance(algorithm) always throwing NoSuchAlgorithmException CryptoJS.SHA1 vs MessageDigest.getInstance(“SHA-1”).digest() Exception when calling MessageDigest.getInstance(“SHA256”) What is the equivalent of the Java method 'MessageDigest.getInstance()' in c# ? Mocking MessageDigest.getInstance() to throw an exception Java OSX MessageDigest.getInstance(“MD5”) hangs Output of perl Digest::MD5 md5($data) and java MessageDigest.getInstance(“MD5”).digest($data) are different How to reproduce java MessageDigest SHA-256 hash in PHP? What exactly does specifying “AES” as the algorithm in KeyGenerator.getInstance() do? Java's MessageDigest SHA1-algorithm returns different result than SHA1-function of php
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM