In preparing an input for SHA256 or RIPEMD-160 a single bit (1) is appended to the message before adding any necessary zero padding and before adding the bitlength (64 bits) to form 1 or more 512 bit blocks. What is the purpose of adding the single bit (1)?
Asked
Active
Viewed 417 times
2
1 Answers
1
If you look at the Wikipedia on padding article page, you will see many different ideas.
The main problem when designing a padding, firstly, one has to consider how to eliminate the padding correctly, all the time. It is the designer's choice, as noted in and the original RFC 4634 -- SHA and HMAC-SHA.
Once you put 1 followed by many 000 to the end of a string, you can remove the padding by looking the first position of a single 1 from the end. That was the simplest idea for padding, AFAIK.
When considering that hashes only supply integrity, If finding a collusion is easy with this (or any) padding than the hash is already failed there.
-
This makes sense otherwise, but the padding also includes the length of the message, so being able to strip the $1|0^n$ part on its own is not required. The extra 1-bit seems unnecessary and in the worst case causes an extra block to be processed. – otus Sep 09 '18 at 07:32
-
if the message length is zero, they include the 1 to make the computations easier? "000...0". So how to determine the message and size easily. – kelalaka Sep 09 '18 at 08:16
-
1The last 64/128 bits (depending on which hash we are talking about) are always the message length. So you can determine it just by looking at that value. – otus Sep 09 '18 at 08:33
injectiveand somehow prevents potential collisions due to padding, however, I can't figure out why the padding (if necessary) before the bitlength (given two different inputs) could create a collision which would make the injective necessary. – JohnGalt Aug 22 '18 at 14:33