The National Software Reference Library Banner

The National Software Reference Library Logo

NSRL Project

Privacy Policy/Security Notice
Disclaimer | FOIA

NIST is an agency of the
U.S. Commerce Department

Date created: 8/20/2003
Last updated: July 25, 2007

Technical comments: nsrl@nist.gov

Website comments: web897@nist.gov

 

NSRL Test Data

A common request the NSRL project receives is to provide hashing algorithms to customers. It is not the mission of the NSRL project to provide hashing implementations. However, we can provide two avenues of assistance.

First, we can point you to the Secure Hash Standard (SHS) Validation List , where implementations have been validated as conforming to the Secure Hash Algorithms specified in Federal Information Processing Standard (FIPS) 180-2, Secure Hash Standard (SHS), using tests described in The Secure Hash Algorithm Validation System (SHAVS). These tests validate implementations of SHA-1, SHA-256, SHA-384, and SHA-512.

Second, if you are not a Federal agency bound by the FIPS 140-2 Security Requirements for Cryptographic Modules, and are not seeking a rigorously validated SHA implementation, we can provide you with test data that will enable you to informally verify the correctness of an SHA-1 or MD5 implementation.

The Secure Hash Algorithms (SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512) are specified in FIPS 180-2 with Change Notice 1 dated February 25, 2004, Secure Hash Standard (SHS).

Within FIPS 180-2 are SHA-1 example messages.

  • Let the message be the ASCII string "abc". [file] The resulting 160-bit message digest is a9993e36 4706816a ba3e2571 7850c26c 9cd0d89d.
  • Let the message be the ASCII string "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq". [file] The resulting 160-bit message digest is 84983e44 1c3bd26e baae4aa1 f95129e5 e54670f1.
  • Let the message be the binary-coded form of the ASCII string which consists of 1,000,000 repetitions of the character "a". [file] The resulting SHA-1 message digest is 34aa973c d4c4daa4 f61eeb2b dbad2731 6534016f.
If the SHA-1 implementation you are using does not yield the expected results shown above for the example message strings, you may have a problem.

For the sake of informal testing, here are the MD5 equivalents of the same message strings:

  • Let the message be the ASCII string "abc". [file] The resulting 128-bit message digest is 90015098 3CD24FB0 D6963F7D 28E17F72.
  • Let the message be the ASCII string "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq". [file] The resulting 128-bit message digest is 8215EF07 96A20BCA AAE116D3 876C664A.
  • Let the message be the binary-coded form of the ASCII string which consists of 1,000,000 repetitions of the character "a". [file] The resulting MD5 message digest is 7707D6AE 4E027C70 EEA2A935 C2296F21.
Be aware, MD5 is not recognized by FIPS 140-2, Security Requirements for Cryptographic Modules.

For the sake of informal testing, here are the SHA-256 equivalents of the same message strings:

  • Let the message be the ASCII string "abc". [file] The resulting 256-bit message digest is BA7816BF 8F01CFEA 414140DE 5DAE2223 B00361A3 96177A9C B410FF61 F20015AD.
  • Let the message be the ASCII string "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq". [file] The resulting 256-bit message digest is 248D6A61 D20638B8 E5C02693 0C3E6039 A33CE459 64FF2167 F6ECEDD4 19DB06C1.
  • Let the message be the binary-coded form of the ASCII string which consists of 1,000,000 repetitions of the character "a". [file] The resulting SHA-256 message digest is CDC76E5C 9914FB92 81A1C7E2 84D73E67 F1809A48 A497200E 046D39CC C7112CD0.
If the SHA-256 implementation you are using does not yield the expected results shown above for the example message strings, you may have a problem.

For a more rigorous test set, you should see http://csrc.nist.gov/cryptval/shs.html and download the SHA-1 Sample Vectors . This file describes tests and vectors that can be used to informally verify the correctness of an SHA-1 implementation. However, use of these vectors does not take the place of validation obtained through the Cryptographic Module Validation Program.

To assist you in using the sample vectors, you can download a subset of the SHA-1 Sample Vectors, customized by the NSRL, which includes a pre-built collection of 196 byte-oriented files, a support file, the SHA-1 and MD5 digests. Extract the files from this Zip file, run your SHA-1 and/or MD5 implementation against the files, and compare the output to the expected hash values.

Using the test data above, you can informally verify the correctness of SHA-1 or MD5 implementations that either come preinstalled on your computer sytem, or that you have acquired through other means.