[ISN] NIST prepares to hash out new standard

From: InfoSec News (alerts@private)
Date: Mon Feb 05 2007 - 23:20:20 PST


By William Jackson
GCN Staff
02/05/07 issue

The National Institute of Standards and Technology will conduct a public 
competition to select new hashing algorithms for the Federal Information 
Processing Standard.

The agency in January published for public comment a draft of minimum 
requirements for candidates for the new standard, along with guidelines 
for submission and evaluation criteria. They are available at 
www.nist.gov/hash-function. NIST hopes to have the new standard in place 
by 2012.

The new standard would replace the current FIPS-180-2, which now 
specifies several versions of the Secure Hash Algorithm, SHA-1; and 
SHA-224, SHA-256, SHA-384 and SHA-512, known collectively as SHA-2. The 
decision to upgrade the standard comes in the wake of successful attacks 
developed against some unrelated algorithms, as well as a partial 
compromise of SHA-1.

A hashing algorithm is a cryptographic formula for generating a unique, 
fixed-length numerical digest, or hash, of a message. Because the 
contents of the message cannot be derived from the digest and because 
the digest is (to a high degree of probability) unique for each message, 
the hash can be used to securely confirm that a document has not been 
altered. This can be used to effectively sign an electronic document and 
link the signature to the contents.

FIPS-180-2 was issued in 2002 and is scheduled for a routine review of 
its functionality and security this year and again in 2012. NIST started 
the upgrade process prior to the review because of reports in 2005 that 
researchers had discovered weaknesses in some algorithms. In response, 
NIST hosted two public workshops on cryptographic hash functions in 2005 
and 2006. Although SHA-2 has not been compromised, its algorithms are 
similar to those of SHA-1 and could prove susceptible to future attacks. 
In the meantime, the agency last year advised federal users to migrate 
away from use of SHA-1 as quickly as possible and no later than by 2010, 
except for limited functions.

The numerical suffixes in the SHA algorithms refer to the length of the 
digest produced by each algorithm. SHA-1 has a 160-bit digest length. 
The longer the digest, the more likely it is to be unique to a given 

The National Security Agency developed the SHA algorithms now recognized 
in the federal standard. Selection of a new standard will follow the 
process used by NIST in developing the Advanced Encryption Standard 
(FIPS-140-2). Rather than rely on a proprietary algorithm developed 
in-house, NIST will consider only formulas that already have been 
publicly disclosed, on the assumption that public scrutiny by the 
cryptographic research community will result in a more rigorous 
evaluation process and a more robust product.

The technical requirements proposed for submitted algorithms are 
minimal. They must:
  * Be publicly disclosed and available without a royalty
  * Be capable of being implemented in a wide range of hardware and 
    software platforms
  * Support 224-, 256-, 384- and 512-bit message digests.

Comments on the draft requirements are due by April 27. Additional 
information is available from Shujen Chang at NIST, Stop 8930, 
Gaithersburg, MD 20899, (301) 975-2940; or at www. 

Written comments should be mailed to William Burr, attn: Hash Algorithm 
Requirements and Evaluation Criteria, NIST, 100 Bureau Drive, Stop 8930, 
Gaithersburg, MD 20899, or e-mailed to hash-function @nist.gov with Hash 
Algorithm Requirements and Evaluation Criteria in the subject line.

A tentative timeline for the process calls for submissions of algorithms 
to be made by the third calendar quarter of 2008 and selection of the 
first round of candidates the following quarter. The final round of 
evaluations would begin in the second quarter of 2010, with a final 
decision in the third quarter of 2012. The process would include several 
public workshops.

Subscribe to the InfoSec News RSS Feed

This archive was generated by hypermail 2.1.3 : Mon Feb 05 2007 - 23:35:17 PST