http://www.gcn.com/print/26_03/43075-1.html
By William Jackson
GCN Staff
02/05/07 issue
The National Institute of Standards and Technology will conduct a public
competition to select new hashing algorithms for the Federal Information
Processing Standard.
The agency in January published for public comment a draft of minimum
requirements for candidates for the new standard, along with guidelines
for submission and evaluation criteria. They are available at
www.nist.gov/hash-function. NIST hopes to have the new standard in place
by 2012.
The new standard would replace the current FIPS-180-2, which now
specifies several versions of the Secure Hash Algorithm: SHA-1, and
SHA-224, SHA-256, SHA-384 and SHA-512, known collectively as SHA-2. The
decision to upgrade the standard comes in the wake of successful attacks
developed against some unrelated algorithms, as well as a partial
compromise of SHA-1.
A hashing algorithm is a cryptographic formula for generating a unique,
fixed-length numerical digest, or hash, of a message. Because the
contents of the message cannot be derived from the digest and because
the digest is (to a high degree of probability) unique for each message,
the hash can be used to securely confirm that a document has not been
altered. This can be used to effectively sign an electronic document and
link the signature to the contents.
FIPS-180-2 was issued in 2002 and is scheduled for a routine review of
its functionality and security this year and again in 2012. NIST started
the upgrade process prior to the review because of reports in 2005 that
researchers had discovered weaknesses in some algorithms. In response,
NIST hosted two public workshops on cryptographic hash functions in 2005
and 2006. Although SHA-2 has not been compromised, its algorithms are
similar to those of SHA-1 and could prove susceptible to future attacks.
In the meantime, the agency last year advised federal users to migrate
away from use of SHA-1 as quickly as possible and no later than by 2010,
except for limited functions.
The numerical suffixes in the SHA algorithms refer to the length of the
digest produced by each algorithm. SHA-1 has a 160-bit digest length.
The longer the digest, the more likely it is to be unique to a given
message.
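The two properties described above, a digest that detects any alteration of a document and a digest length that governs how unlikely collisions are, as an added Python example that is not part of the GCN article. It uses the standard-library hashlib implementations of the FIPS 180-2 algorithms; the sample document and the candidate size sets are constructed inputs.

```python
import hashlib
import hmac
import math

# Digest lengths in bits for the algorithms FIPS 180-2 specifies
# (SHA-1 and the SHA-2 family); the draft candidate requirement is 224..512.
FIPS_180_2_DIGEST_BITS = {"sha1": 160, "sha224": 224, "sha256": 256,
                          "sha384": 384, "sha512": 512}
CANDIDATE_REQUIRED_BITS = (224, 256, 384, 512)


def digest_bits(algorithm: str, message: bytes) -> int:
    """Digest length in bits that `algorithm` actually produces."""
    return len(hashlib.new(algorithm, message).digest()) * 8


def supports_required_sizes(sizes_offered) -> bool:
    """Does a candidate offer every digest size the draft requires?"""
    return all(size in sizes_offered for size in CANDIDATE_REQUIRED_BITS)


def verify_document(algorithm: str, document: bytes, expected_hex: str) -> bool:
    """Integrity check: recompute the digest and compare in constant time."""
    actual = hashlib.new(algorithm, document).hexdigest()
    return hmac.compare_digest(actual, expected_hex)


def changed_bit_fraction(algorithm: str, message: bytes, bit_index: int) -> float:
    """Flip one message bit and report the fraction of digest bits that change
    (about 0.5 for a sound hash, so a small edit is never 'almost' undetected)."""
    altered = bytearray(message)
    altered[bit_index // 8] ^= 1 << (bit_index % 8)
    d1 = int.from_bytes(hashlib.new(algorithm, message).digest(), "big")
    d2 = int.from_bytes(hashlib.new(algorithm, bytes(altered)).digest(), "big")
    return bin(d1 ^ d2).count("1") / digest_bits(algorithm, message)


def birthday_bound_log2(n_bits: int) -> float:
    """log2 of the number of random messages giving a ~50% collision chance:
    sqrt(2 ln 2 * 2^n) ~= 1.18 * 2^(n/2), e.g. 2^80.2 for SHA-1's 160 bits."""
    return n_bits / 2 + 0.5 * math.log2(math.log(4))


if __name__ == "__main__":
    doc = b"Constructed sample document for the integrity check."  # constructed
    tag = hashlib.sha256(doc).hexdigest()
    print("intact:", verify_document("sha256", doc, tag))
    print("tampered:", verify_document("sha256", doc + b"!", tag))
    print("digest bits changed by a 1-bit edit: %.2f" % changed_bit_fraction("sha256", doc, 0))
    for bits in (160, 256, 512):
        print("birthday bound for %d-bit digest: 2^%.1f" % (bits, birthday_bound_log2(bits)))
```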
The National Security Agency developed the SHA algorithms now recognized
in the federal standard. Selection of a new standard will follow the
process used by NIST in developing the Advanced Encryption Standard
(FIPS-140-2). Rather than rely on a proprietary algorithm developed
in-house, NIST will consider only formulas that already have been
publicly disclosed, on the assumption that public scrutiny by the
cryptographic research community will result in a more rigorous
evaluation process and a more robust product.
The technical requirements proposed for submitted algorithms are
minimal. They must:
* Be publicly disclosed and available without a royalty
* Be capable of being implemented in a wide range of hardware and software platforms
* Support 224-, 256-, 384- and 512-bit message digests
Comments on the draft requirements are due by April 27. Additional
information is available from Shujen Chang at NIST, Stop 8930,
Gaithersburg, MD 20899, (301) 975-2940; or at www.nist.gov/hash-function.
Written comments should be mailed to William Burr, attn: Hash Algorithm
Requirements and Evaluation Criteria, NIST, 100 Bureau Drive, Stop 8930,
Gaithersburg, MD 20899, or e-mailed to hash-function@nist.gov with "Hash
Algorithm Requirements and Evaluation Criteria" in the subject line.
A tentative timeline for the process calls for submissions of algorithms
to be made by the third calendar quarter of 2008 and selection of the
first round of candidates the following quarter. The final round of
evaluations would begin in the second quarter of 2010, with a final
decision in the third quarter of 2012. The process would include several
public workshops.