RustCrypto: SHA-1 Checked

Pure Rust implementation of the SHA-1 cryptographic hash algorithm with collision detection.

🚨 Warning: Cryptographically Broken! 🚨

The SHA-1 hash function should be considered cryptographically broken and unsuitable for further use in any security critical capacity, as it is practically vulnerable to chosen-prefix collisions.

But, this crate provides the detection algorithm pioneered by git, to detect hash collisions when they occur and prevent them. The paper has more details on how this works.

This implementation will be slower to use than the pure SHA-1 implementation, as more work as to be done.

Examples

One-shot API

use hex_literal::hex;
use sha1_checked::Sha1;

let result = Sha1::try_digest(b"hello world");
assert_eq!(result.hash().as_ref(), hex!("2aae6c35c94fcfb415dbe95f408b9ce91ee846ed"));
assert!(!result.has_collision());

Incremental API

use hex_literal::hex;
use sha1_checked::{Sha1, Digest};

let mut hasher = Sha1::new();
hasher.update(b"hello world");
let result = hasher.try_finalize();

assert_eq!(result.hash().as_ref(), hex!("2aae6c35c94fcfb415dbe95f408b9ce91ee846ed"));
assert!(!result.has_collision());

Also, see the examples section in the RustCrypto/hashes readme.

Minimum Supported Rust Version

Rust 1.72 or higher.

Minimum supported Rust version can be changed in the future, but it will be done with a minor version bump.

SemVer Policy

• All on-by-default features of this library are covered by SemVer
• MSRV is considered exempt from SemVer as noted above

License

The crate is licensed under either of:

• Apache License, Version 2.0
• MIT license

at your option.

Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.