SHA_{d}-256 (also written as SHA_d-256, SHA_d256, SHAd256, etc.) is an iterative hash function introduced by Niels Ferguson and Bruce Schneier in their book, Practical Cryptography. Like NMAC and HMAC, SHA_{d}-256 is designed to avoid length extensions that are possible with ordinary SHA-256 (and most other iterative hash functions). This page provides test vectors for SHA_{d}-256, which are missing from the book.
SHA_{d}-256 is defined as follows:
SHA_{d}-256(m) := SHA-256(SHA-256(m))
As of this writing, SHA_{d}-256 has not received much peer review, so using it instead of HMAC-SHA-256 is not recommended. The main purpose of posting these test vectors is to aid implementation of Fortuna (also introduced in Practical Cryptography), which uses SHA_{d}-256.
Download the test vectors: SHAd256_Test_Vectors.txt (1.2 MB US-ASCII plain text).
SHA256 sum: aa9001bb6ebab8902e19c522fe2dc079dadb5267529d1e4cada1cfd99b2c28a1
Each line of the file that starts with a colon (':') is a test vector. Lines without a colon in the first column should be ignored.
After the colon, each test vector consists of several values separated by white-space. The values are, in order:
The following special cases are defined:
Here is a small sample of the 7583 test vectors included in the file:
Identifier | Input length (in octets) | Input data | SHA-256 hash | SHA_{d}-256 hash |
---|---|---|---|---|
EMPTY | 0 | (empty string) |
e3b0c44298fc1c149afbf4c8996fb924 27ae41e4649b934ca495991b7852b855 |
5df6e0e2761359d30a8275058e299fcc 0381534545f55cf43e41983f5d4c9456 |
NIST.1 | 3 | "abc" |
ba7816bf8f01cfea414140de5dae2223 b00361a396177a9cb410ff61f20015ad |
4f8b42c22dd3729b519ba6f68d2da7cc 5b2d606d05daed5ad5128cc03e6c6358 |
NIST.3 | 1000000 | ("a" repeated 1,000,000 times) |
cdc76e5c9914fb9281a1c7e284d73e67 f1809a48a497200e046d39ccc7112cd0 |
80d1189477563e1b5206b2749f1afe48 07e5705e8bd77887a60187a712156688 |
RC4.16 | 16 |
(first 16 bytes of RC4 keystream where the key = 0) de188941a3375d3a8a061e67576e926d |
067c531269735ca7f541fdaca8f0dc76 305d3cada140f89372a410fe5eff6e4d |
2182d3fe9882fd597d25daf6a85e3a57 4e5a9861dbc75c13ce3f47fe98572246 |
RC4.55 | 55 |
(first 55 bytes of RC4 keystream where the key = 0) de188941a3375d3a8a061e67576e926d c71a7fa3f0cceb97452b4d3227965f9e a8cc75076d9fb9c5417aa5cb30fc2219 8b34982dbb629e |
038051e9c324393bd1ca1978dd0952c2 aa3742ca4f1bd5cd4611cea83892d382 |
3b4666a5643de038930566a5930713e6 5d72888d3f51e20f9545329620485b03 |
RC4.2^36+128 | 68719476864 | (first 2^{36}+128 bytes of RC4 keystream where the key = 0) |
02eaeaeba71b64a97cc41c83625e497e 64d991e0966773131b143689e50bd87d |
f84bef74588a23683db45304c4fa973b 09a6045b46a0be5eb0b28c4dbb2a21be |