http://www.gcn.com/online/vol1_no1/44453-1.html By William Jackson GCN Staff 06/13/07 The National Institute of Standards and Technology has revised two Federal Information Processing Standards specifying algorithms for cryptographic hashing. Drafts of FIPS 180-3 [1] and FIPS 198-1 [2] have been released for three months of public comment. FIPS 180-3 replaces Publication 180-2 and specifies five secure hash algorithms (SHAs). The algorithms, when combined with a message, produce a message digest that should be unique to the original message. These can be used for digital signatures and message authentication codes. In the new draft, SHA-1, SHA-224 and SHA-256 are used to produce digests of shorter messages, while SHA-384 and SHA-512 can be used for longer messages. They produce digests ranging in length from 160 to 512 bits, depending on the algorithm used. The algorithms are called secure because it is unlikely that the original message could be derived from the digest produce by the algorithm, or that the algorithm could produce the same digest for more than one message. This gives a high probability that each digest is unique to its message and that the digest can be used to accurately verify a digital signature or a message authentication code. FIPS 198-1 replaces Publication 198 and specifies an algorithm for applications requiring message authentication. Using a secret key that is shared with the intended recipient of a message, the sender produces a code or message digest unique to the message being sent. The recipient uses the same key to produce a code of the message being received. If the codes match, the recipient can be sure that the message has not been altered and that it came from the other holder of the key. Comments are being accepted on both proposed standards until Sept. 10. Comments should be sent either to proposed180-3 (at) nist.gov or to proposed198-1 (at) nist.gov, with a subject line that reads Comments on draft 180-3 or Comments on draft 198-1. [1] http://csrc.nist.gov/publications/drafts/fips_180-3/draft_fips-180-3_June-08-2007.pdf [2] http://csrc.nist.gov/publications/drafts/fips_198-1/draft_FIPS-198-1_June-08-2007.pdf _____________________________________________________ Attend Black Hat USA, July 28-August 2 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 30 hands-on training courses and 90 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 70 nations. Visit product displays by 30 top sponsors in a relaxed setting. Rates increase on June 1 so register today. http://www.blackhat.com
This archive was generated by hypermail 2.1.3 : Wed Jun 13 2007 - 22:22:51 PDT