Pure Rust implementation of the SHA-1 cryptographic hash algorithm with collision detection.
The SHA-1 hash function should be considered cryptographically broken and unsuitable for further use in any security critical capacity, as it is practically vulnerable to chosen-prefix collisions.
But, this crate provides the detection algorithm pioneered by git, to detect hash collisions when they occur and prevent them. The paper has more details on how this works.
This implementation will be slower to use than the pure SHA-1 implementation, as it has to do more computations and it can not rely on hardware acceleration available on some CPUs.
use hex_literal::hex;
use sha1_checked::Sha1;
let result = Sha1::try_digest(b"hello world");
assert_eq!(result.hash().as_ref(), hex!("2aae6c35c94fcfb415dbe95f408b9ce91ee846ed"));
assert!(!result.has_collision());
// Hex-encode hash using https://docs.rs/base16ct
let hex_hash = base16ct::lower::encode_string(result.hash().as_ref());
assert_eq!(hex_hash, "2aae6c35c94fcfb415dbe95f408b9ce91ee846ed");
use hex_literal::hex;
use sha1_checked::{Sha1, Digest};
let mut hasher = Sha1::new();
hasher.update(b"hello world");
let result = hasher.try_finalize();
assert_eq!(result.hash().as_ref(), hex!("2aae6c35c94fcfb415dbe95f408b9ce91ee846ed"));
assert!(!result.has_collision());
Also, see the examples section in the RustCrypto/hashes readme.
Rust 1.81 or higher.
Minimum supported Rust version can be changed in the future, but it will be done with a minor version bump.
- All on-by-default features of this library are covered by SemVer
- MSRV is considered exempt from SemVer as noted above
The crate is licensed under either of:
at your option.
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.