SHA-512, SHA-512/224, SHA-512/256

SHA-512 and its two truncated variants (SHA-512/224 and SHA-512/256) belong to the SHA-2 family of cryptographic hashes. The three functions produce the digest of a message, respectively 512, 224 or 256 bits long.

SHA-512 is roughly 50% faster than SHA-224 and SHA-256 on 64-bit machines, even if its digest is longer. The speed-up is due to the internal computation being performed with 64-bit words, whereas the other two hash functions employ 32-bit words.

SHA-512/224, SHA-512/256, and SHA-384 too are faster on 64-bit machines for the same reason.

This is an example showing how to use SHA-512:

>>> from Crypto.Hash import SHA512
>>>
>>> h = SHA512.new()
>>> h.update(b'Hello')
>>> print(h.hexdigest())
3615f80c9d293ed7402687f94b22d58e529b8cc7916f8fac7fddf7fbd5af4cf777d3d795a7a00a16bf7e7f3fb9561ee9baae480da9fe7a18769e71886b03f315

This is an example showing how to use SHA-512/256:

>>> from Crypto.Hash import SHA512
>>>
>>> h = SHA512.new(truncate="256")
>>> h.update(b'Hello')
>>> print(h.hexdigest())
7e75b18b88d2cb8be95b05ec611e54e2460408a2dcf858f945686446c9d07aac

SHA stands for Secure Hash Algorithm.

Warning

SHA-512 is vulnerable to length-extension attacks, which are relevant if you are computing the hash of a secret message.

For instance, let’s say you were planning to build a cheap MAC by concatenating a secret key to a public message m (bad idea!):

\[h = \text{SHA-512}(m || k)\]

By only knowing the digest h and the length of m and k, the attacker can easily compute a second digest h’:

\[h' = \text{SHA-512}(m || p || z)\]

where p is a well-known bit string and the attacker can pick a bit string z at will.

The two variants SHA-512/224 and SHA-512/256 are not vulnerable to length-extension attacks.

class Crypto.Hash.SHA512.SHA512Hash(data, truncate)

A SHA-512 hash object (possibly in its truncated version SHA-512/224 or SHA-512/256. Do not instantiate directly. Use the new() function.

Variables:
  • oid (string) – ASN.1 Object ID

  • block_size (integer) – the size in bytes of the internal message block, input to the compression function

  • digest_size (integer) – the size in bytes of the resulting hash

copy()

Return a copy (“clone”) of the hash object.

The copy will have the same internal state as the original hash object. This can be used to efficiently compute the digests of strings that share a common initial substring.

Returns:

A hash object of the same type

digest()

Return the binary (non-printable) digest of the message that has been hashed so far.

Returns:

The hash digest, computed over the data processed so far. Binary form.

Return type:

byte string

hexdigest()

Return the printable digest of the message that has been hashed so far.

Returns:

The hash digest, computed over the data processed so far. Hexadecimal encoded.

Return type:

string

new(data=None)

Create a fresh SHA-512 hash object.

update(data)

Continue hashing of a message by consuming the next chunk of data.

Parameters:

data (byte string/byte array/memoryview) – The next chunk of the message being hashed.

Crypto.Hash.SHA512.new(data=None, truncate=None)

Create a new hash object.

Parameters:
  • data (bytes/bytearray/memoryview) – Optional. The very first chunk of the message to hash. It is equivalent to an early call to SHA512Hash.update().

  • truncate (string) – Optional. The desired length of the digest. It can be either “224” or “256”. If not present, the digest is 512 bits long. Passing this parameter is not equivalent to simply truncating the output digest.

Return:

A SHA512Hash hash object