SHA-1 takes an input of virtually any length in reality, there is an upper bound of approx- imately 2,097,152 terabytes on the algorithm and produces a 160-bit message digest. Due to the mathematical structure of the hashing algorithm, this provides 80 bits of protection against collision attacks. The SHA-1 algorithm processes a message in 512-bit blocks. Therefore, if the message length is not a multiple of 512, the SHA algorithm pads the message with additional data until the length reaches the next highest multiple of 512. Although SHA-1 is the current official standard for federal government applications, it is not quite strong enough. It was designed to work with the old Data Encryption Standard DES and its follow-on, Triple DES 3DES. The new Advanced Encryption Standard described in the preceding chapter supports key lengths of up to 256 bits. Therefore, the government is cur- rently evaluating three new hash functions to replace SHA-1 in the near future: SHA-256 produces a 256-bit message digest and provides 128 bits of protection against collision attacks. SHA-512 produces a 512-bit message digest and provides 256 bits of protection against collision attacks. SHA-384 uses a truncated version of the SHA-512 hash to produce a 384-bit digest that supports 192 bits of protection against collision attacks. Although it might seem trivial, take the time to memorize the size of the message digests produced by each one of the hash algorithms described in this chapter. MD2 The MD2 Message Digest 2 hash algorithm was developed by Ronald Rivest the same Rivest of Rivest, Shamir, and Adleman fame in 1989 to provide a secure hash function for 8-bit pro- cessors. MD2 pads the message so that its length is a multiple of 16 bytes. It then computes a 16-byte checksum and appends it to the end of the message. A 128-bit message digest is then generated by using the entire original message along with the appended checksum. Cryptanalytic attacks exist against improper implementations of the MD2 algorithm. Spe- cifically, Nathalie Rogier and Pascal Chauvaud discovered that if the checksum is not appended to the message before digest computation, collisions may occur. MD4 The next year, in 1990, Rivest enhanced his message digest algorithm to support 32-bit proces- sors and increase the level of security. This enhanced algorithm is known as MD4. It first pads the message to ensure that the message length is 64 bits smaller than a multiple of 512 bits. For example, a 16-bit message would be padded with 432 additional bits of data to make it 448 bits, which is 64 bits smaller than a 512-bit message. The MD4 algorithm then processes 512-bit blocks of the message in three rounds of com- putation. The final output is a 128-bit message digest.