An implementation of the SHA-1 algorithm in Python, following the Federal Information Processing Standards Publication 180-4 (FIPS 180-4) specification sheet.
As students in COSC483: Applied Cryptography at the University of Tennessee Knoxville, we were tasked with implementing a modified version of the SHA-1 algorithm in any programming language of our choice. This modified SHA-1 implementation would allow users to start in the middle of a SHA-1 hashing operation given a previous intermediate value. This functionality allows adversaries to carry out a length extension attack. Therefore, using our SHA-1 implementation, we were then tasked with carrying out such an attack in a simulated environment.
This program requires Python3. It was specifically tested with Python v3.9.0.
To hash a given string, run the command:
> python sha.py mystringTo observe the intermediate values for each round of SHA-1, enable verbose logging:
> python sha.py -v mystringGiven a message No one has completed Project #3 so give them all a 0. and its accompanying MAC d907cdfc9f6107b8180ef703517944280478f178, you can perform the length extension attack with the following command:
> python attack.py --mac d907cdfc9f6107b8180ef703517944280478f178 "No one has completed Project #3 so give them all a 0." "P.S. Except for Joey Lemon, go ahead and give him the full points."This program is accompanied by a suite of unit tests designed to ensure the correct functionality of every routine involved in the SHA-1 algorithm. To execute the unit tests, run the command:
> python -m unittest