A common request the NSRL project receives is to provide hashing algorithms to customers. It is not the mission of the NSRL project to provide hashing implementations. However, we can provide two avenues of assistance.
First, we can point you to the Secure Hash Standard (SHS) Validation List, where implementations have been validated as conforming to the Secure Hash Algorithms specified in Federal Information Processing Standard (FIPS) 180-2, Secure Hash Standard (SHS), using tests described in The Secure Hash Algorithm Validation System (SHAVS). These tests validate implementations of SHA-1, SHA-256, SHA-384, and SHA-512.
Second, if you are not a Federal agency bound by the FIPS 140-2 Security Requirements for Cryptographic Modules, and are not seeking a rigorously validated SHA implementation, we can provide you with test data that will enable you to informally verify the correctness of an SHA-1 or MD5 implementation.
The Secure Hash Algorithms (SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512) are specified in FIPS 180-2 with Change Notice 1 dated February 25, 2004, Secure Hash Standard (SHS).
Within FIPS 180-2 are SHA-1 example messages.
If the SHA-1 implementation you are using does not yield the expected results shown above for the example message strings, you may have a problem.
For the sake of informal testing, here are the MD5 equivalents of the same message strings:
Be aware, MD5 is not recognized by FIPS 140-2, Security Requirements for Cryptographic Modules.
For the sake of informal testing, here are the SHA-256 equivalents of the same message strings:
If the SHA-256 implementation you are using does not yield the expected results shown above for the example message strings, you may have a problem.
To assist you in using the sample vectors, you can download a subset of the SHA-1 Sample Vectors, customized by the NSRL, which includes a pre-built collection of 196 byte-oriented files, a support file, the SHA-1 and MD5 digests. Extract the files from this Zip file, run your SHA-1 and/or MD5 implementation against the files, and compare the output to the expected hash values.
Using the test data above, you can informally verify the correctness of SHA-1 or MD5 implementations that either come preinstalled on your computer system, or that you have acquired through other means.