To Gain Knowledge and to become a one, who all wants to become

Dreams are not those which are seen during sleep, but dreams are those which do not let you sleep, so see the dreams
and work hard to make them true.

Wednesday, October 27, 2010

Adding reCAPTCHA in Joomla

Download the reCAPTCHA plugin from here:

1. Log in to Joomla Administration --> Extensions --> Install/Uninstall

2. Upload the package file and click on "Upload File and Install".

3. Go to Plugin Manager, where it will be shown as System - JEZ ReCaptcha. Publish it
    and then click on it.

4. This opens the settings for the JEZ ReCaptcha plugin. Set the following:
* Enabled : Yes
* reCAPTCHA Public : (your public key)
* reCAPTCHA Private : (your private key)
* Inclusion Syntax : No
* Auto-verify : Yes

Note: The reCAPTCHA public and private keys have to be generated by signing in to your Google account.

Rachit Seth

Monday, October 25, 2010

How to recover a VM on XenServer when the VM is not bootable after a kernel update (Citrix XenServer)

1. Create or restore a new VM (say, the rescue VM) on the XenServer host where the crashed VM is located.

2. Stop the rescue VM and detach its storage device.

3. Attach this storage device to the crashed VM.

4. Set the crashed VM's disk VBD to non-bootable, after looking up its UUID with the command below.
    The command lists the storage devices with their UUIDs; for each disk there is a VDI UUID and a VBD UUID.

    xe vm-disk-list vm="crashedvm name"

    xe vbd-param-set uuid=7f6a1563-fc76-31d8-49c2-c03466ca836b bootable=false

5. Set the rescue VM's disk VBD to bootable.

    xe vbd-param-set uuid=5f64a143633-fc76-313-59a2-d13466ca3egf bootable=true

6. Start the crashed VM; it will boot from the rescue VM's disk.
    Now mount the original disk, whose VBD you set to non-bootable earlier.

    mount /dev/xvda /mnt

7. Under /mnt we find the old filesystem.

    cd /mnt/boot/

    Change the default entry in grub.conf to 1, so that the older kernel version is selected (I had updated the
    kernel, after which the VM did not start).

8. Stop the crashed VM again.

9. Detach the rescue disk from the crashed VM and set the crashed disk's VBD back to bootable.

    xe vbd-param-set uuid=7f6a1563-fc76-31d8-49c2-c03466ca836b bootable=true

10. Now try to start it; it is bootable again (from the earlier kernel).

Saturday, October 23, 2010

S3fs Installation (to mount an S3 bucket)

Note: Your kernel version must support the fuse module; otherwise you have to update the kernel.

    yum update kernel-version

Kernel versions 2.6.18-194 and above support the fuse module. gcc is also needed to compile the packages.

    yum install fuse dkms dkms-fuse
    modprobe fuse
    cd fuse-2.8.3
    make clean
    make install
    tar -zxvf s3fs-r191-source.tar.gz
    cd s3fs

To run the make command you need libcurl, which is available as curl-version.tar.gz.
Configure curl-version.tar.gz and then add the line in /etc/ as : /usr/local/lib

    export PKG_CONFIG_PATH=/root/fuse-2.8.3:/root/s3fs

(These are the install directories for fuse and s3fs.)

    mkdir /tmp/s3fs
    cd install-dir
    ./s3fs bucketname -o accessKeyId= -o secretAccessKey= /tmp/s3fs
    ls /tmp/s3fs/1000-thumb.jpg

You can refer to the following link for more details:

Friday, October 15, 2010

Installing MongoDB on Ubuntu

MongoDB is a schema-free, document-oriented database developed by 10gen. It has been designed with the high performance demands of modern web applications in mind, and is currently gaining a great deal of traction in the development community. In this article, we will explain how to install the database on Ubuntu. Fortunately, considerable work has already been done that makes accomplishing this task extremely quick and simple.
The instructions provided here work with Ubuntu's Karmic (9.10) and Lucid (10.04) releases. Both of these are available options with (ve) server. The newest release at the time of this writing (2010-06-10) is the Lucid release. We recommend using this release as it will have the most current application software easily available in the standard repositories.
There are a few steps to get things working.
  • Install the 10gen signing key
  • Set up the 10gen apt repository
  • Install the drivers for your language(s) of choice
The kind folks at 10gen have made the first two steps fairly straightforward. First, shell into your server using SSH as the root user (the commands in this article will all assume you are shelled in as the root user). Next, run the following command from the command line to import the 10gen signing key:
apt-key adv --keyserver --recv 7F0CEB10
This will ensure that the database software you download is actually the software published by 10gen.
Next, we need to set up the 10gen software repository on the system. If you have an Ubuntu Lucid server, run the following command:
echo "deb 10.4 10gen" >> /etc/apt/sources.list.d/10gen.list
If you are using Ubuntu Karmic, use the following analogous command:
echo "deb 9.10 10gen" >> /etc/apt/sources.list.d/10gen.list
Now, to actually install the MongoDB database, run the following commands:
apt-get update
apt-get -y install mongodb-stable
This will install the current, stable release of MongoDB, along with the standard associated utility programs like mongodump and mongostat onto your server. If you want to install the unstable (development) or nightly snapshot releases, you may use these commands instead:
apt-get -y install mongodb-unstable
apt-get -y install mongodb-snapshot
If, having done this, you type mongo at the command prompt, and you see something similar to the following:
MongoDB shell version: 1.4.3
url: test
connecting to: test
type "help" for help
then you have successfully installed MongoDB! (Press Ctrl-D to get out of the Mongo shell).
You will probably also want to install language drivers for your language of choice so that you can develop applications using your new Mongo database. Fortunately, a (mt) Media Temple employee has made a repository with pre-packaged drivers that are easy to install. Drivers are currently available for the Perl, PHP, and Python languages.
There are no packages currently for the Ruby programming language due to complications with packaging RubyGems based software. 10gen has instructions for manually installing these drivers.
To install the other drivers, first install the python-software-properties package which helps you interface with the Ubuntu Launchpad platform.
apt-get -y install python-software-properties
Next, add the mongodb-drivers repository.
add-apt-repository ppa:chris-lea/mongodb-drivers
This will take care of installing the signing key and setting up the repository. To install drivers for all three languages, use the following commands.
apt-get update
apt-get -y install libmongodb-perl php5-mongo python-mongodb

Friday, September 17, 2010

Master-Slave Replication of MySQL Server

Step 1: Set up the master configuration file

Open the my.cnf file:
vi /etc/my.cnf

Comment out the line like below:
 #bind-address =

We have to tell MySQL for which database it should write logs (these logs are used by the slave to see what has changed on the master):
log-bin = /var/lib/mysql/mysql-bin.log

Restart MySQL:
service mysqld restart

Step 2: Set up the replication user on the master

Log on to the MySQL server.

Create a user with the REPLICATION SLAVE privilege:
GRANT REPLICATION SLAVE ON *.* TO 'replication_user'@'%' IDENTIFIED BY 'password';
GRANT RELOAD ON *.* TO 'replication_user'@'%';
GRANT SUPER ON *.* TO 'replication_user'@'%';

Flush tables in our database:
USE database_name_to_replication;

You will see something like this:
| File             | Position | Binlog_Do_DB    | Binlog_Ignore_DB |
| mysql-bin.000010 |      106 | db to replicate | mysql            |
1 row in set (0.01 sec)

Step 3: Set up the slave configuration file

Open the my.cnf file:
vi /etc/my.cnf

Add lines like below:
 master-host = host_to_master_server
 master-user = replication_user
 master-password = password
 master-port = 3306

Connect to MySQL:

CREATE DATABASE database_name_to_replication;

Restart MySQL:
service mysqld restart

Run the commands below:

The output will be something like this:
Slave_IO_State: Waiting for master to send event
Master_User: replication_user
Master_Port: 3306
Connect_Retry: 60

Now we should load data from our master…

or… you can always use the command below to load the initial data from the master:
mysql -usome_user_name -psome_password -Ddatabase_name_to_replication < dump_from_master_db.sql

After our data is moved to the slave server, we can unlock our tables.
Log in to the MySQL server (master) and:
USE database_name_to_replication;

Friday, July 30, 2010

virtusertable based domain routing

Incoming E-mail messages can be sorted based on the recipient domain name with the virtusertable utility. Because user accounts are not directly associated with any specific domain names, a virtusertable must be used to differentiate between recipient domain names. For example, a virtusertable mapping will allow you to direct E-mail messages for and to different users on your VPS v2.

Configuring Virtusertable mappings

In order to create virtusertable mappings, you must first create a text file in the /etc/mail/ directory of your server (there is a sample file in that directory named virtusertable.sample). This file will contain virtusertable mappings.

Each entry in a virtusertable should be on a single line. The original recipient address on the left hand side, with one or more spaces or tabs separating it from the right hand side, which contains the destination address. Using the example above, the virtusertable mapping would be as follows:     tom steve

The original recipient is the E-mail address that people will send messages to, and can be either a full address (, or a catch all for all messages to the specified domain ( If you want to create multiple virtusertable entries for a single domain, make sure that you put the catch all below any other entries for that same domain name. For example:    tom john john

The destination address should be a local user, an alias, or a remote E-mail address. You may also use a %1 to indicate that the original user should be prepended to a catch all.

Any time you make a change to the /etc/mail/virtusertable text file, you will need to create a db file that sendmail can read. The following command will create the /etc/mail/virtusertable.db file when run by root:

# makemap hash /etc/mail/virtusertable < /etc/mail/virtusertable

Alternatively, a shorter version of this same command can be used:

# vnewvirtmaps

Example Virtusertable Entries

The following entry would deliver any message sent to to the local account floydr.		floydr

The next entry will deliver a message sent to to his personal E-mail account with his ISP.

Any other E-mail sent to the domain will go to Floyd's local account.			floydr

Anything sent to a user at will be sent to, but will not change the username the message was originally sent to (only the domain is modified).

The following entry will reject mail addressed to any address at the domain that is not defined in the virtusertable file. The sender will receive an appropriate error code plus the description, "User unknown."			error:nouser User unknown
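
The lookup rules described in this post (full address first, then the domain catch-all, %1 substitution, and error:nouser rejection) can be modelled in a few lines. This is an added example, not part of the original post or of sendmail itself; the example.* addresses are constructed placeholders and the function names are illustrative.

```python
# Constructed sample table; every address below is a placeholder.
SAMPLE_TABLE = """\
# full addresses
tom@example.com      tom
tom@example.org      steve
floyd@example.net    floyd@isp.example
# catch-all for the same domain
@example.net         floydr
# keep the user part, change only the domain
@old.example         %1@new.example
# reject everything not listed for this domain
@closed.example      error:nouser User unknown
"""


def parse_virtusertable(text):
    """Parse virtusertable source text into {left-hand side: right-hand side}."""
    table = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)  # spaces or tabs separate the two sides
        if len(parts) != 2:
            raise ValueError("malformed entry: %r" % raw)
        # Keys are folded to lower case in this model (assumption of the example).
        table[parts[0].lower()] = parts[1].strip()
    return table


def resolve(table, recipient):
    """Return ("deliver", address), ("reject", reason) or ("nomatch", recipient)."""
    user, sep, domain = recipient.rpartition("@")
    if not sep:
        return ("nomatch", recipient)
    domain = domain.lower()
    # The full address is tried first, then the catch-all for the domain.
    for key in (user.lower() + "@" + domain, "@" + domain):
        if key in table:
            rhs = table[key]
            if rhs.startswith("error:"):
                return ("reject", rhs[len("error:"):])
            # %1 stands for the user part of the original recipient.
            return ("deliver", rhs.replace("%1", user))
    return ("nomatch", recipient)


def catch_all_domains(table):
    """Domains whose catch-all delivers mail for any local part."""
    return sorted(key[1:] for key, rhs in table.items()
                  if key.startswith("@") and not rhs.startswith("error:"))


if __name__ == "__main__":
    table = parse_virtusertable(SAMPLE_TABLE)
    for rcpt in ("tom@example.org", "sales@example.net",
                 "alice@old.example", "anyone@closed.example"):
        print(rcpt, "->", resolve(table, rcpt))
    print("catch-all domains:", catch_all_domains(table))
```

Listing the catch-all domains is a quick way to review which domains accept mail for arbitrary local parts instead of answering "User unknown".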

Thursday, July 29, 2010

MySQL Replication

MySQL Master-Master Replication

  1. Now we will set up MySQL with master-master replication. First, set the MySQL root user password on both machines where YOUR_PASSWORD_HERE is replaced with your MySQL root password: 
    mysqladmin -u root password YOUR_PASSWORD_HERE
  2. Create a user replication and grant it privileges on the database. Replace 10.1.1. with the first three octets of your private IP range:
    mysql -u root -p
    mysql> GRANT REPLICATION SLAVE ON *.* TO 'replication'@'10.1.1.%' IDENTIFIED BY 'slave';
    mysql> GRANT REPLICATION CLIENT ON *.* TO 'replication'@'10.1.1.%';
    mysql> GRANT SUPER ON *.* TO 'replication'@'10.1.1.%';
    mysql> GRANT RELOAD ON *.* TO 'replication'@'10.1.1.%';
  3. Create the Wordpress database and create a db user and password to access the db other than root, replacing myblog_wordpress, wpadmin, abcd1234 and 10.1.1. with the appropriate values you previously set:
    mysql> CREATE DATABASE myblog_wordpress;
    mysql> USE myblog_wordpress;
    mysql> GRANT ALL ON myblog_wordpress.* TO wpadmin@'10.1.1.%' IDENTIFIED BY 'abcd1234';
    mysql> GRANT ALL ON myblog_wordpress.* TO wpadmin@localhost IDENTIFIED BY 'abcd1234';
    mysql> FLUSH PRIVILEGES;
    mysql> quit

Configuring db01

  1. Now configure MySQL on db01 by editing my.cnf conf file: 
    vi /etc/my.cnf
  2. Modify the file to look like this, replacing myblog_wordpress with the actual name of the database and 10.1.1.12 with the private IP of db02. Pay extra attention to the lines with the #Different comments:
    [mysqld]
    datadir=/var/lib/mysql
    socket=/var/lib/mysql/mysql.sock
    user=mysql
    # Default to using old password format for compatibility with mysql 3.x
    # clients (those using the mysqlclient10 compatibility package).
    old_passwords=1

    server-id=1 #Different than db02

    log-bin
    log-bin=/var/log/mysqld/db01-bin #Different than db02
    log-bin-index=/var/log/mysqld/db01-bin-log.index #Different than db02
    binlog-do-db=myblog_wordpress
    binlog-ignore-db=mysql
    binlog-ignore-db=test

    master-host= #Different than db02
    master-user=replication
    master-password=slave

    replicate-same-server-id=0
    auto-increment-increment=2
    auto-increment-offset=1
    master-connect-retry=5

    relay-log=/var/log/mysqld/db01-relay-bin #Different than db02
    relay-log-index=/var/log/mysqld/db01-relay-log.index #Different than db02

    expire_logs_days=10
    max_binlog_size=500M

    [mysqld_safe]
    log-error=/var/log/mysqld.log
    pid-file=/var/run/mysqld/
  3. Create the log file directories for the new MySQL logging and then restart the service:
    mkdir /var/log/mysqld
    chown mysql:mysql /var/log/mysqld
    service mysqld restart

Configuring db02

  1. Now configure MySQL on db02 by editing my.cnf conf file: 
    vi /etc/my.cnf
  2. Modify the file to look like this, replacing myblog_wordpress with the actual name of the database and 10.1.1.11 with the private IP of db01. Pay extra attention to the lines with the #Different comments:
    [mysqld]
    datadir=/var/lib/mysql
    socket=/var/lib/mysql/mysql.sock
    user=mysql
    # Default to using old password format for compatibility with mysql 3.x
    # clients (those using the mysqlclient10 compatibility package).
    old_passwords=1

    server-id=2

    log-bin
    log-bin=/var/log/mysqld/db02-bin #Different than db01
    log-bin-index=/var/log/mysqld/db02-bin-log.index #Different than db01
    binlog-do-db=myblog_wordpress
    binlog-ignore-db=mysql
    binlog-ignore-db=test

    master-host= #Different than db01
    master-user=replication
    master-password=slave

    replicate-same-server-id=0
    auto-increment-increment=2
    auto-increment-offset=2 #Different than db01
    master-connect-retry=5

    relay-log=/var/log/mysqld/db02-relay-bin #Different than db01
    relay-log-index=/var/log/mysqld/db02-relay-log.index #Different than db01

    expire_logs_days=10
    max_binlog_size=500M

    [mysqld_safe]
    log-error=/var/log/mysqld.log
    pid-file=/var/run/mysqld/
  3. Create the log file directories for the new MySQL logging and then restart the service:
    mkdir /var/log/mysqld
    chown mysql:mysql /var/log/mysqld
    service mysqld restart

Verify the MySQL Replication Status

  1. To verify the MySQL replication, enter MySQL and run the following commands:
    mysql -u root -p
    mysql> SHOW MASTER STATUS;
    mysql> SHOW SLAVE STATUS\G
  2. The most important lines to check are the following, which should read "Yes" on both DB servers:
    Slave_IO_Running:  Yes
    Slave_SQL_Running:  Yes
  3. Also important is the following line from SHOW SLAVE STATUS\G which should match the Position value from SHOW MASTER STATUS; on the other server. The number may differ from what you see below:
    Read_Master_Log_Pos:  98
  4. MySQL replication usually works well and is extremely useful, but the databases can get out of sync under certain conditions. One thing to try is to issue the following commands on both servers:
    mysql> stop slave;
    mysql> reset master;
    mysql> reset slave;
    mysql> start slave;
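
The two my.cnf files above only work as a pair if the lines marked #Different really differ and the shared settings really match. The following added example (not part of the original post) parses both files and checks that, and also reports old_passwords=1 and the clear-text master-password. The sample configs are constructed from the values above, with master-host taken from the IPs named in the text; the function names are illustrative.

```python
# Constructed sample, reduced to the options the check looks at.
DB01 = """
[mysqld]
old_passwords=1
server-id=1 #Different than db02
log-bin
log-bin=/var/log/mysqld/db01-bin #Different than db02
binlog-do-db=myblog_wordpress
master-host=10.1.1.12 #Different than db02
master-user=replication
master-password=slave
auto-increment-increment=2
auto-increment-offset=1
relay-log=/var/log/mysqld/db01-relay-bin #Different than db02
[mysqld_safe]
log-error=/var/log/mysqld.log
"""
# db02 is derived from db01 by changing exactly the node-specific values.
DB02 = (DB01.replace("db01", "db02")
            .replace("server-id=1", "server-id=2")
            .replace("10.1.1.12", "10.1.1.11")
            .replace("auto-increment-offset=1", "auto-increment-offset=2"))

MUST_DIFFER = ("server-id", "log-bin", "relay-log", "master-host",
               "auto-increment-offset")
MUST_MATCH = ("auto-increment-increment", "binlog-do-db")


def parse_mysqld(text):
    """Return {option: last value} for the [mysqld] section of a my.cnf."""
    options, section = {}, None
    for raw in text.splitlines():
        # Drops full-line and inline comments (values containing '#' are
        # not handled by this simplified parser).
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "mysqld":
            continue
        name, _, value = line.partition("=")
        # MySQL treats '-' and '_' in option names as equivalent.
        options[name.strip().lower().replace("_", "-")] = value.strip()
    return options


def audit_pair(cnf_db01, cnf_db02):
    """Return a list of (scope, option, message) findings for a master pair."""
    nodes = (("db01", parse_mysqld(cnf_db01)), ("db02", parse_mysqld(cnf_db02)))
    a, b = nodes[0][1], nodes[1][1]
    findings = []
    for opt in MUST_DIFFER:
        if a.get(opt) == b.get(opt):
            findings.append(("both", opt, "identical on both nodes: %r" % a.get(opt)))
    for opt in MUST_MATCH:
        if a.get(opt) != b.get(opt):
            findings.append(("both", opt, "%r vs %r" % (a.get(opt), b.get(opt))))
    for name, cfg in nodes:
        step = int(cfg.get("auto-increment-increment", "1"))
        offset = int(cfg.get("auto-increment-offset", "1"))
        if offset > step:
            findings.append((name, "auto-increment-offset",
                             "offset %d exceeds increment %d" % (offset, step)))
        if cfg.get("old-passwords") == "1":
            findings.append((name, "old-passwords",
                             "pre-4.1 password hash format is enabled"))
        if "master-password" in cfg:
            findings.append((name, "master-password",
                             "replication password stored in clear text; "
                             "restrict read access to my.cnf"))
    return findings


if __name__ == "__main__":
    for finding in audit_pair(DB01, DB02):
        print("%-5s %-24s %s" % finding)
```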

Running Sun Java on Linux (CentOS/RedHat)

By far the most messy thing on CentOS 5.2 is adding Sun's Java.  I have never found great success from the different packages that are out there for installing java.  I prefer to simply use the packages from Sun.

Step (1) : Visit Sun's web site and download the latest version of Java (the *.bin file, not the *-rpm.bin). Pay close attention to whether you want the 32-bit or 64-bit version.

Step (2) :

[user@www]# cd /opt/
[user@www]# /bin/sh jdk-6u7-linux-x64.bin

Step (3) : Setup the alternatives correctly

[user@www]# alternatives --install /usr/bin/java java /opt/jdk1.6.0_07/bin/java 2
[user@www]# alternatives --config java
There are 2 programs which provide 'java'.
Selection Command
*+ 1 /usr/lib/jvm/jre-1.4.2-gcj/bin/java
2 /opt/jdk1.6.0_07/bin/java
Enter to keep the current selection[+], or type selection number: 2

Step (4) : Check to make sure the install was a success

[user@www]# java -version
java version "1.6.0_07"
Java(TM) SE Runtime Environment (build 1.6.0_07-b06)
Java HotSpot(TM) 64-Bit Server VM (build 10.0-b23, mixed mode)

NagiosQL3 Installation

Configure NagiosQL3


  •   Webserver e.g. Apache 1.x or above
  •   PHP 4.3 or above
  •   MySQL 4.1 or above
  •   Nagios 2 or above
  •   PEAR Module: HTML_Template_IT 1.1 or above
  •   PHP Extension: gettext
  •   PHP Extension: mysql
  •   PHP Extension: ftp
  •   Javascript enabled at your Webbrowser



Pear modules can be installed automatically by invoking the following command (requires Internet access): 
# pear install HTML_Template_IT   


The NagiosQL translation depends on gnu-gettext and this framework depends on your locale system settings. Make sure you have the appropriate locale installed on your system (e.g. en-GB.utf-8). Please verify that by executing "locale -a". 


Download and extract
Download the latest NagiosQL Version from and extract the nagiosql-*.tar.gz to a directory accessible by your webserver (e.g. /srv/www/htdocs). A subdirectory "nagiosql" will be created: 
# cd /srv/www/htdocs/ 
# wget
# cp /srv/www/htdocs/
# unzip


Directory Structure

It is recommended to have the following directory structure (you can change the directory names in your NagiosQL Domain Configuration):
/etc/nagiosql/                  -> Common configuration files
"            /hosts             -> Host configuration files
"            /services          -> Service configuration files
"            /backup/           -> Backups of the common configuration files
"         "      /hosts         -> Backups of the host configuration files
"         "      /services      -> Backups of the service configuration files


In order to find the configuration files generated by NagiosQL your Nagios configuration must be amended, too. You are free to change the directory names, but be sure to do that in both configuration files (Nagios: nagios.cfg, NagiosQL: Domain Administration). The directory structure (e.g. backup directories below main directories) should never be changed! 
The Nagios configuration file nagios.cfg should be amended to follow the above recommendation: 
cfg_file=/etc/nagiosql/contacttemplates.cfg
cfg_file=/etc/nagiosql/contactgroups.cfg
cfg_file=/etc/nagiosql/contacts.cfg
cfg_file=/etc/nagiosql/timeperiods.cfg
cfg_file=/etc/nagiosql/commands.cfg
cfg_file=/etc/nagiosql/hostgroups.cfg
cfg_file=/etc/nagiosql/servicegroups.cfg
cfg_dir=/etc/nagiosql/hosts
cfg_dir=/etc/nagiosql/services
And optional:
cfg_file=/etc/nagiosql/hosttemplates.cfg
cfg_file=/etc/nagiosql/servicetemplates.cfg
cfg_file=/etc/nagiosql/servicedependencies.cfg
cfg_file=/etc/nagiosql/serviceescalations.cfg
cfg_file=/etc/nagiosql/hostdependencies.cfg
cfg_file=/etc/nagiosql/hostescalations.cfg
cfg_file=/etc/nagiosql/hostextinfo.cfg
cfg_file=/etc/nagiosql/serviceextinfo.cfg


The following file permissions are required to let NagiosQL read and write the Nagios configuration files. In our example the Apache runs as user "www-data" and the group "www-data" as well as Nagios runs by the user "nagios" and the group "nagios". Instead of the below configuration, you could also add the Apache user to the Nagios group. The configuration files are located at /etc/nagiosql. Please amend if this differs from your installation. 
## Nagios Main Configuration Files
# chgrp www-data /etc/nagios
# chgrp www-data /etc/nagios/nagios.cfg
# chgrp www-data /etc/nagios/cgi.cfg
# chmod 775 /etc/nagios
# chmod 664 /etc/nagios/nagios.cfg
# chmod 664 /etc/nagios/cgi.cfg

## NagiosQL Configuration
# chmod 6755 /etc/nagiosql
# chown www-data.nagios /etc/nagiosql
# chmod 6755 /etc/nagiosql/hosts
# chown www-data.nagios /etc/nagiosql/hosts
# chmod 6755 /etc/nagiosql/services
# chown www-data.nagios /etc/nagiosql/services

## NagiosQL Backup Configuration
# chmod 6755 /etc/nagiosql/backup
# chown www-data.nagios /etc/nagiosql/backup
# chmod 6755 /etc/nagiosql/backup/hosts
# chown www-data.nagios /etc/nagiosql/backup/hosts
# chmod 6755 /etc/nagiosql/backup/services
# chown www-data.nagios /etc/nagiosql/backup/services

## Amend already existing files
# chmod 644 /etc/nagiosql/*.cfg
# chown www-data.nagios /etc/nagiosql/*.cfg

If these directories already have files, amend the permissions for them, too:
# chmod 644 /etc/nagiosql/hosts/*.cfg
# chown www-data.nagios /etc/nagiosql/hosts/*.cfg
# chmod 644 /etc/nagiosql/services/*.cfg
# chown www-data.nagios /etc/nagiosql/services/*.cfg

The Nagios binary must be executable by the Apache user:
# chown nagios.www-data /usr/sbin/nagios
# chmod 750 /usr/sbin/nagios

Be sure the Apache user is able to write the Nagios commandfile. Please check your nagios.cfg for the correct path to the commandfile!
# chown /usr/local/nagios/var/rw/nagios.cmd
# chmod 660 /usr/local/nagios/var/rw/nagios.cmd

Verify Installation and Configuration

Please execute as the webserver user "nagios -v /etc/nagios/nagios.cfg" and check for additional permissions.

Running NagiosQL

Now you should be able to start NagiosQL: http://www.domain.tld/nagiosql/index.php
The Installation Wizard will help you install NagiosQL.

Configure Nagios Environment within NagiosQL

After the Installation Wizard succeeded, you should configure your Nagios Environment for NagiosQL. Please login to your fresh installation and navigate to "Administration" => "Domains". Setup your Nagios Environment and if you need help, try the integrated help system first.

LogMeIn Hamachi Installation in linux

LogMeIn Hamachi is a VPN service that easily sets up in 10 minutes, and enables secure remote access to your business network, anywhere there's an Internet connection.
 It works with your existing firewall, and requires no additional configuration. Hamachi is the first networking application to deliver an unprecedented level of direct peer-to-peer connectivity. It is simple, secure, and cost-effective.

Download latest hamachi version

# wget

Unpack hamachi-

# tar -zxvf hamachi-

Installing Hamachi

# cd hamachi-

# make install

Run tuncfg

# /sbin/tuncfg

After installation, issue the following commands

Create keys and set configuration directory

# hamachi-init -c /etc/hamachi

Start hamachi

# hamachi -c /etc/hamachi start

Login to hamachi network

# hamachi -c /etc/hamachi login

Create your personal network and password protect it

# hamachi -c /etc/hamachi create YOUR_NETWORK
Creating YOUR_NETWORK .. ok

Go-Online on your network

# hamachi -c /etc/hamachi go-online YOUR_NETWORK

Joining other networks

# hamachi -c /etc/hamachi join OTHER_NETWORK password

Leaving other networks

# hamachi -c /etc/hamachi leave OTHER_NETWORK

Changing nick name

# hamachi -c /etc/hamachi set-nick NEW_NICK

Getting a list of networks & members

# hamachi -c /etc/hamachi list

Thursday, July 22, 2010

SHA1 Algorithm

SHA-1 is a cryptographic hash function designed by the National Security Agency (NSA) and published by the NIST as a U.S. Federal Information Processing Standard. SHA stands for Secure Hash Algorithm. The three SHA algorithms are structured differently and are distinguished as SHA-0, SHA-1, and SHA-2. SHA-1 is very similar to SHA-0, but corrects an error in the original SHA hash specification that led to significant weaknesses. The SHA-0 algorithm was not adopted by many applications. SHA-2 on the other hand significantly differs from the SHA-1 hash function.
SHA-1 is the most widely used of the existing SHA hash functions, and is employed in several widely-used security applications and protocols. In 2005, security flaws were identified in SHA-1, namely that a mathematical weakness might exist, indicating that a stronger hash function would be desirable.[2] Although no successful attacks have yet been reported on the SHA-2 variants, they are algorithmically similar to SHA-1 and so efforts are underway to develop improved alternatives.[3][4] A new hash standard, SHA-3, is currently under development — an ongoing NIST hash function competition is scheduled to end with the selection of a winning function in 2012.

SHA-1 produces a 160-bit digest from a message with a maximum length of (2^64 − 1) bits. SHA-1 is based on principles similar to those used by Ronald L. Rivest of MIT in the design of the MD4 and MD5 message digest algorithms, but has a more conservative design.
The original specification of the algorithm was published in 1993 as the Secure Hash Standard, FIPS PUB 180, by US government standards agency NIST (National Institute of Standards and Technology). This version is now often referred to as SHA-0. It was withdrawn by NSA shortly after publication and was superseded by the revised version, published in 1995 in FIPS PUB 180-1 and commonly referred to as SHA-1. SHA-1 differs from SHA-0 only by a single bitwise rotation in the message schedule of its compression function; this was done, according to NSA, to correct a flaw in the original algorithm which reduced its cryptographic security. However, NSA did not provide any further explanation or identify the flaw that was corrected. Weaknesses have subsequently been reported in both SHA-0 and SHA-1. SHA-1 appears to provide greater resistance to attacks, supporting the NSA’s assertion that the change increased the security.

Comparison of SHA functions

In the table below, internal state means the “internal hash sum” after each compression of a data block.
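| Algorithm and variant | Output size (bits) | Internal state size (bits) | Block size (bits) | Max message size (bits) | Word size (bits) | Rounds | Operations | Collisions found |
| SHA-0 | 160 | 160 | 512 | 2^64 − 1 | 32 | 80 | +,and,or,xor,rot | Yes |
| SHA-1 | 160 | 160 | 512 | 2^64 − 1 | 32 | 80 | +,and,or,xor,rot | None (2^63 attack)[5] |
| SHA-2: SHA-256/224 | 256/224 | 256 | 512 | 2^64 − 1 | 32 | 64 | +,and,or,xor,shr,rot | None |
| SHA-2: SHA-512/384 | 512/384 | 512 | 1024 | 2^128 − 1 | 64 | 80 | +,and,or,xor,shr,rot | None |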


SHA Algorithm

The Secure Hash Algorithm is one of a number of cryptographic hash functions published by the National Institute of Standards and Technology as a U.S. Federal Information Processing Standard. There are currently three generations of Secure Hash Algorithm:

  • SHA-1 is the original 160-bit hash function. Resembling the earlier MD5 algorithm, this was designed by the National Security Agency (NSA) to be part of the Digital Signature Algorithm. Originally just called "SHA", it was withdrawn shortly after publication due to an undisclosed "significant flaw" and replaced by the slightly revised version SHA-1. The original withdrawn algorithm is now known by the retronym SHA-0.
  • SHA-2 is a family of two similar hash functions, with different block sizes, known as SHA-256 and SHA-512. They differ in the word size; SHA-256 uses 32-bit words where SHA-512 uses 64-bit words. There are also truncated versions of each standardized, known as SHA-224 and SHA-384. These were also designed by the NSA.
  • SHA-3 is a future hash function standard still in development. This is being chosen in a public review process from non-government designers. An ongoing NIST hash function competition is scheduled to end with the selection of a winning function, which will be given the name SHA-3, in 2012.

The corresponding standards have been FIPS PUB 180 (original SHA), FIPS PUB 180-1 (SHA-1), FIPS PUB 180-2 (SHA-1, SHA-256, SHA-384, and SHA-512), FIPS PUB 180-3 (SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512).