62

What are the differences between SHA1 and RSA? Are they just different algorithms or are they fundamentally (i.e. used for different things) different on some level.

informatik01
Ted Smith
  • What would you mean by "fundamentally different"? – David Z Apr 09 '09 at 10:51
  • Related: [What are the differences between MD5, SHA and RSA?](http://security.stackexchange.com/questions/2298/what-are-the-differences-between-md5-sha-and-rsa), [SHA, RSA and the relation between them](http://security.stackexchange.com/questions/9260/sha-rsa-and-the-relation-between-them). – informatik01 Feb 03 '14 at 12:50

7 Answers

112

Fundamentally different.

SHA1 is a hash algorithm, which is a one-way function, turning an input of any size into a fixed-length output (160 bits in this case). A cryptographic hash function is one for which it should not be possible to find two inputs giving the same output except by brute force (for instance, with a 128-bit function you should need to try on average 2^64 messages to find such a "collision" due to something called the birthday paradox - Google it for more).

In fact for SHA1 this is no longer the case - the algorithm is (in cryptographic terms at least) broken now, with a collision attack described by Xiaoyun Wang et al that beats a classic birthday attack. The SHA2 family is not broken, and a process is underway by NIST to agree on a SHA3 algorithm or family of algorithms.

Edit - Google have now generated and published an actual SHA1 collision.

RSA is an asymmetric encryption algorithm, encrypting an input into an output that can then be decrypted (contrast a hash algorithm which can't be reversed). It uses a different key for encryption (the public one) than for decryption (the private one). This can therefore be used to receive encrypted messages from others - you can publish your public key, but only you with the private key can then decrypt the messages that have been encrypted with it.

If you reverse the keys for RSA, it can be used to generate a digital signature - by encrypting something with your private key, anyone can decrypt it with the public key and, if they are sure the public key belongs to you, then they have confidence that you were the one who encrypted the original. This is normally done in conjunction with a hash function - you hash your input, then encrypt that with your private key, giving a digital signature of a fixed length for your input message.

David M
  • The problem with collision is traditionally called "birthday paradox", not "effect". – sharptooth Apr 09 '09 at 10:57
  • Have heard it called both, but will edit. When applied to trying to find a collision on a hash function, use of this paradox or effect is then called a "birthday attack", which is the term I'm most familiar with of the three! – David M Apr 09 '09 at 10:59
  • 12
    One more note is that hash algorithms, like SHA-1, can compute digests given data of any length as input. Asymmetric algorithms, like RSA, are limited in the length of data they can transform. For that reason, the original message is rarely signed with RSA, and instead the SHA-1 digest of the original message is signed. The recipient of the message and its signature computes the SHA-1 digest of the message, then decrypts the signature with the sender's public key and verifies that the digests exactly match. – jordanbtucker Feb 23 '13 at 07:20
  • 1
    Good explanation-do you recommend using AES-256 or RSA for e2e encryption? – ha9u63a7 Aug 03 '17 at 21:17
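The birthday bound that David M's answer mentions is easy to see on a small scale. The following is an added illustration, not code from any of the answers: it truncates SHA-1 to a chosen number of bits to get a toy hash, then records every output until one repeats. For a 32-bit truncation a repeat shows up after roughly sqrt(pi/2 * 2^32), about 82,000 inputs, instead of the 2^32 a naive brute force would suggest, which is exactly why a hash needs output twice as wide as the collision resistance you want from it. The input strings are constructed counters; only the standard library is used.

```python
"""Added illustration (not part of the original answers): the birthday bound
on a hash truncated to `bits` bits. Uses only hashlib and math."""
import hashlib
import math


def truncated_sha1(data: bytes, bits: int) -> int:
    """First `bits` bits of SHA-1 as an integer. A toy hash for the demo;
    real SHA-1 is 160 bits wide (and itself no longer collision resistant)."""
    digest = int.from_bytes(hashlib.sha1(data).digest(), "big")
    return digest >> (160 - bits)


def expected_birthday_attempts(bits: int) -> float:
    """Expected number of random inputs before two share a `bits`-bit hash:
    sqrt(pi/2 * 2^bits), the birthday-paradox estimate."""
    return math.sqrt(math.pi / 2 * 2 ** bits)


def find_collision(bits: int, limit: int = 1 << 24):
    """Remember every truncated hash seen until one repeats.

    Returns (attempts, input_a, input_b) with input_a != input_b and equal
    truncated hashes, or None if `limit` inputs were tried without a repeat.
    Memory grows with the number of attempts, which is the classic trade-off
    of a birthday search.
    """
    seen = {}
    for i in range(limit):
        msg = b"constructed-input-%d" % i  # constructed sample input
        h = truncated_sha1(msg, bits)
        if h in seen:
            return i + 1, seen[h], msg
        seen[h] = msg
    return None


if __name__ == "__main__":
    bits = 32
    attempts, a, b = find_collision(bits)
    print(f"{bits}-bit truncation: collision after {attempts} inputs "
          f"(birthday estimate {expected_birthday_attempts(bits):.0f}, "
          f"output space {2 ** bits})")
    print(a, b, hex(truncated_sha1(a, bits)), hex(truncated_sha1(b, bits)))
```

Run it and compare the attempt count against the estimate; raising `bits` by two roughly doubles the attempts, which is the square-root relationship the answer describes.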
17

Answers before are already sufficient explanations. But I think you ask this question just because SHA and RSA often come out together. So let me explain why.

First, keep in mind that

RSA is not efficient, but SHA is.

Suppose you download Windows 7, and want to make sure it's the original Windows 7 from Microsoft. If Microsoft just encrypts Windows 7 with RSA, it will take a really long time to do that; we can't stand it at all. So Microsoft uses SHA1 on Windows 7 and generates 160-bit-long data. And then Microsoft signs this 160-bit-long data with RSA (using its private key).

Then, all you need to do is make sure your public key is from Microsoft. And then use SHA1 to generate 160-bit-long data too. And then use the RSA public key to decrypt Microsoft's signature. Then you just compare the two 160-bit-long pieces of data to see if they match.

demonguy
  • 1
    You shouldn't talk about encryption with a private key when you mean signatures. – CodesInChaos Jan 22 '15 at 09:41
  • 1
    What do you mean? AFAIK, the signature is just data encrypted by RSA from 128-bit-long data generated by SHA (at least in this case), am I wrong? – demonguy Jan 22 '15 at 09:43
  • 1
    A signature uses the RSA private key operation, just like decryption uses the private key operation. Encryption always uses the public key and adds encryption padding like OAEP. Decryption always uses the private key and verifies the encryption padding. Signing on the other hand hashes the message, adds signature padding like PSS and then uses the private key operation. Verification happens using the public key. – CodesInChaos Jan 22 '15 at 09:50
  • Also the biggest issue with using RSA signing without hashing the message is that you can't fit more than about 200 bytes into a single block of RSA. Signing by splitting the message into blocks and applying the RSA private key operation to each block similar to ECB mode is not secure. – CodesInChaos Jan 22 '15 at 09:51
  • 1
    A fine point (and it may be inaccurate), but [SHA1 generates 160 bits, not 128](https://www.keycdn.com/support/sha1-vs-sha256/). – Al Lelopath Jun 22 '17 at 15:18
12

SHA1 is a hashing algorithm (Document and certification signing) while RSA is an encryption/decryption algorithm (Secure communications).

Spencer Ruport
5

SHA1 is a cryptographic hash function, whereas RSA is an algorithm for encryption.

A hash function takes a piece of data and returns a string of fixed length. In a cryptographic hash function all return strings have the same probability. Given only the hash number you can't determine the input, nor can you find another input that gives the same hash (exception with a very very small probability). SHA1 has some security flaws.

An algorithm for encryption takes a piece of data, but the output is not of fixed length - your encryption. Given the output (the encryption) you can (if you have the right keys) determine the input.

AnnaR
5

As others have commented, they are fundamentally different things serving different functions. You use RSA to scramble information into a seemingly random form, while you use SHA1 to ensure the integrity of the message (i.e. none of the bits have changed). In a security application, you will use one or both, depending on what functionality you need.

sybreon
1

SHA is a 'one-way' encryption algorithm. It means you can't reach the input text by having the output (result of the algorithm).

RSA is a 'two-way' encryption/decryption algorithm. It means you can reach the input data (raw text) by having the output (ciphered or encoded text).

Vahid Hassani
-5

The Secure Hash Algorithm (SHA) algorithm takes a message of less than 2^64 bits in length and produces a 160-bit message digest. The algorithm is slightly slower than MD5, but the larger message digest makes it more secure against brute-force collision and inversion attacks. The algorithm specified in the Secure Hash Standard (SHS, FIPS 180), was developed by NIST. SHA-1 is a revision to SHA that was published in 1994; the revision corrected an unpublished flaw in SHA. Its design is very similar to the MD4 family of hash functions developed by Rivest. SHA-1 is also described in the ANSI X9.30 standard.

RSA is an algorithm for public-key cryptography. It is the first algorithm known to be suitable for signing as well as encryption, and one of the first great advances in public key cryptography. RSA is widely used in electronic commerce protocols, and is believed to be secure given sufficiently long keys and the use of up-to-date implementations.

The most notable difference is that SHA is an encryption algorithm whereas RSA is both an encryption as well as signing algorithm.

On 8/16/2005 it was announced that it is possible to find a collision in SHA-1 in 2^63 operations. This research result is due to Professor Xiaoyun Wang of Tsinghua University in Beijing, together with Professors Andrew Yao and Frances Yao. It extends the work of Wang, Yin, and Yu, which demonstrated that a collision could be found in 2^69 operations. What that means is that it is easier for a collision to occur in SHA than in RSA - but notably, no two similar keys have ever been found that collided.

sangupta