I commonly see SHA-256 or SHA-1 on virus tests on malware but I don’t really know what it means. What does the number after the – mean, and how are all of them different?

SHA stands for Secure Hash Standard. It is a one-way cryptographic algorithm. You can input any data to the function and it will output a “unique” hash number representing that data, and there is theoretically no way of reversing the algorithm to get the data from this hash. SHA-1 was the first of these standards and produces a hash of 160 bits. But this was not enough after some time, and SHA-2 came around and could produce several different outputs for future proofing, among others 256-bit and 512-bit output. But even this turned out to be too little, so SHA-3 came along with an arbitrary length output. To distinguish between these different variants of the same algorithm we tend to call SHA-2 SHA-256 or SHA-512 depending on the variant used, and SHA-3 is called SHA3-256, SHA3-512 or say SHA-1024.

It’s a hash. Think about the number:

1098710329581263501982375122304965872340698273464326323509283752039857230958725

Now is that the exact right number we want? How do we check? Well, we could send you the exact same number, or we could sum up all the digits together and just send that. If I send you this special number, and tell you the JustAddTheDigitsTogetherHash for my special number is 9, then you can tell if I sent you the right number. But with this terribly simple hash, any number has a 1 out of 10 chance of yielding 9. SHA1 was the first in its line. The second included SHA256, which uses 256 bits.

You can run a hash on just about anything and get a number out that lets you identify it later. Using hashes on viruses lets us know when a program is among a list of known viruses with known hashes. (Offer not available for polymorphic code.)

To simplify this further.

It’s basically math that looks at the program, runs it through a very complex equation and then spits out the answer. If the program is the same down to the hexadecimal (parts that computers read, not quite binary but close), then it will have the same answer. The answer is what you use to compare to a known value to make sure the program is the same and has not been tampered with.

Like a fingerprint, sort of.

A huge oversimplification would be instead of sending a full phone number, you could ask “Hey, if you multiply the numbers of the phone number together and then divide them by your secret number, do you get 3082877913?”

If yes, then it’s probably the same number.

But with computers, the numbers are huge and the math is very, very complex.

It’s a one-way algorithm, meaning you *shouldn’t* be able to use the output numbers to tell anything about the program or the algorithm. Meaning that the input should not predictably change the output numbers. Though SHA-1 has been cracked for years.

For example, “X+2=Y”, and then Y=4, you can tell that X is 2. If you add 1 to X, then the output would change to 5.

Ideally, you would have no idea how to predictably change Y, because if you can predictably change the output, you can theoretically replace any program or picture verified with SHA with another.

SHA-1, as said before, is relatively simple. Spits out 20 (if I remember correctly) numbers. Broken a long while ago.

SHA-256 spits out 64 and has a much larger algorithm. Still secure as far as I know.

Secure Hashing Algorithm. Essentially a complicated one-way math function, which takes an arbitrarily-sized input (in this case, an entire file on a computer) and creates a specific random-looking output. Importantly, it’s not *truly* random: if you give it the same input, you’ll get the same output every time, but if you change anything at all, the output changes completely.

The reason you do this for something like a virus check is so you can know that a piece of software hasn’t been changed; if anything is changed about it, you’d get a different hash from what you expect.

SHA-1 and SHA-2 were older standards, SHA-256 is the current standard, which ought to hold up a heck of a lot longer even with more and more powerful computers. With SHA-1 and 2, it’s possible to deliberately change a file in such a way that you get the same output from the altered version as the original, meaning you can insert malware and still have the same hash.

It’s a cryptographic hash function. It basically assigns a unique but seemingly random number to anything you give the function.

So for example, you can take the SHA 256 of a program, and if someone has the same number it means they have the same program, without sending everything.

SHA 1, the secure hash algorithm version 1, generated a 160 bit number. However, it’s pretty old and people have figured out that it is possible to trick it and forge a file that has the same SHA1 as another file, which means it’s not as secure.

SHA 256 generates a 256 bit number and it’s considered very secure and basically impossible to tamper with.
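
To make the answers above concrete, here is an added Python example (not code from any of the posters) that hashes two nearly identical byte strings with SHA-1, SHA-256 and SHA3-256, counts how many output bits a one-byte edit flips, and checks both against a known-hash list. The sample bytes and the one-entry list are constructed for illustration; they are not real malware or real indicators.

```python
import hashlib
import io

# Constructed sample "files": identical except for the final byte.
SAMPLE_A = b"MZ" + b"\x00" * 4096 + b"constructed sample payload A"
SAMPLE_B = SAMPLE_A[:-1] + b"B"


def file_digests(stream, chunk_size=65536):
    """Hash a binary stream in chunks so large files never sit fully in memory."""
    hashers = {name: hashlib.new(name) for name in ("sha1", "sha256", "sha3_256")}
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def differing_bits(hex_a, hex_b):
    """Count the bits that differ between two equal-length hex digests."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def is_known(stream, known_sha256):
    """True if the stream's SHA-256 appears in a set of known hex digests."""
    return file_digests(stream)["sha256"] in {k.lower() for k in known_sha256}


if __name__ == "__main__":
    a = file_digests(io.BytesIO(SAMPLE_A))
    b = file_digests(io.BytesIO(SAMPLE_B))
    for name in a:
        # Each hex character encodes 4 bits of the digest.
        print(f"{name:9} {len(a[name]) * 4:3} bits  {a[name]}")
    flipped = differing_bits(a["sha256"], b["sha256"])
    print(f"one-byte edit flipped {flipped} of 256 SHA-256 output bits")
    known = {a["sha256"]}  # hypothetical known-hash list holding only sample A
    print("sample A on list:", is_known(io.BytesIO(SAMPLE_A), known))
    print("sample B on list:", is_known(io.BytesIO(SAMPLE_B), known))
```

Sample B misses the list even though it differs from A by a single byte, which is why exact-hash matching only identifies files that are bit-for-bit identical to a known sample.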