Old PC as Hardware Security Module?

David SMITH dave.smith at st.com
Tue May 15 10:59:58 CEST 2007

On Mon, May 14, 2007 at 01:23:13PM -0500, Andrew Berg wrote:
> Sven Radde wrote:
> > unless you can calculate SHA-1 values in your head...
> I know it's off topic, but how hard would that be? I've never looked
> over the algorithm.

As someone who has just implemented a hardware SHA-1/256 engine, "hard

For a piece of hardware, it's pretty simple - just lots and lots of
shifts, rotates, XORs and modulo addition.  The operations are not
difficult to do, but you have to do them repeatedly.  Realistically,
you'd need a pen and paper (unless you're one of these people with
incredible mathematical brainpower), and I'd guess that it'd take
the average "clued up" person (i.e. someone who knows what XOR,
modulo addition, etc. is) about half an hour for a small block of

For SHA-1, you need to store five working variables (all 32-bit), plus a
message schedule of sixteen 32-bit numbers.

For each 64 bytes of input message, you need to do 80 iterations of the
loop, each iteration contains 1 x 5-way addition, plus a two or 3-way
XOR, plus some ANDing and inversion on some of the iterations.

For SHA256, you've got eight working variables, and you only have 64
loop iterations per 64 bytes of data, but the operations in the loop
are much more complicated.

If you want more info, FIPS180-2 is the document you're after.

David Smith        | Tel: +44 (0)1454 462380    Home: +44 (0)1454 616963
STMicroelectronics | Fax: +44 (0)1454 462305  Mobile: +44 (0)7932 642724
1000 Aztec West    | TINA: 065 2380          GPG Key: 0xF13192F2
Almondsbury        | Work Email: Dave.Smith at st.com
BRISTOL, BS32 4SQ  | Home Email: David.Smith at ds-electronics.co.uk

More information about the Gnupg-users mailing list