Announcing Approval of Federal Information Processing Standard (FIPS) 180-2, Secure Hash Standard; a Revision of FIPS 180-1
The Secretary of Commerce has approved FIPS 180-2, Secure Hash Standard, and has determined that the standard is compulsory and binding on Federal agencies for the protection of sensitive, unclassified information.
FIPS 180-2, Secure Hash Standard, replaces FIPS 180-1, which was issued in 1992 and which specified an algorithm (SHA-1) for producing a 160-bit output called a message digest. The message digest is a condensed representation of electronic data and is used in cryptographic processes such as digital signatures and message authentication. FIPS 180-2 includes three additional algorithms, which produce 256-bit, 384-bit, and 512-bit message digests. These expanded capabilities are compatible with and support the strengthened security requirements of FIPS 197, Advanced Encryption Standard.
Table of Contents Back to Top
EFFECTIVE DATE: Back to Top
This standard is effective February 1, 2003.
Specifications: FIPS 180-2 is available on the NIST web page at: http://csrc.nist.gov/encryption/tkhash.html.
FOR FURTHER INFORMATION CONTACT: Back to Top
Ms. Elaine Barker, (301) 975-2911, National Institute of Standards and Technology, 100 Bureau Drive, STOP 8930, Gaithersburg, Maryland 20899-8930. Email: email@example.com.
SUPPLEMENTARY INFORMATION: Back to Top
A notice was published in the Federal Register (66 FR 29287) on May 30, 2001, announcing the proposed FIPS 180-2, Secure Hash Standard, for public review and comment. The Federal Register notice solicited comments from the public, academic and research communities, manufacturers, voluntary standards organizations, and Federal, state, and local government organizations. In addition to being published in the Federal Register, the notice was posted on the NIST web pages; information was provided about the submission of electronic comments. Comments and responses were received from three private sector organizations or individuals, and from one federal government organization.
The comments raised technical issues related to the standard, asked for clarification of technical issues, and recommended editorial changes. None of the comments opposed the adoption of the revised Federal Information Processing Standard. All of the editorial and related comments were carefully reviewed, and changes were made to the standard where appropriate. NIST recommended that the Secretary approve FIPS 180-2. Following is an analysis of the comments received.
Comment: NIST should provide a security evaluation of the algorithms added to FIPS 180-2, and give the rationale for the various design choices. Such an analysis would increase confidence in the algorithms and facilitate external evaluation.
Response: The standard provides four secure hash algorithms, which differ in the number of bits of security provided for the data being processed. Secure hash algorithms are designed for use in conjunction with another algorithm, which may have requirements that the hash algorithm have a certain number of bits of security. For example, a digital signature algorithm that provides 128 bits of security may require that the secure hash algorithm also provide 128 bits of security.
NIST believes that these algorithms are secure because it is computationally infeasible to find a message that corresponds to a given message digest, or to find two different messages that produce the same message digest. It is highly probable that a change to a message will result in a different message digest.
FIPS 180-2 includes the technical specifications for the four algorithms that have been selected to provide 160, 256, 384 and 512 bits of security. NIST anticipates and invites external examination and scrutiny concerning the security of the algorithms.
Comment: NIST should include a note in the standard indicating whether SHA-256 could be truncated to 160 bits for use as an alternative to SHA-1 (also 160 bits).
Response: The use of hash functions will be addressed in application standards (e.g., in the upcoming revision of Federal Information Processing Standard 186-2, the Digital Signature Standard).
Comment: NIST should mention in the standard that SHA-256 constants are easily extracted from the SHA-512 constants.
Response: NIST believes that the decisions concerning the use of constants and how to extract them should be made by those organizations that develop implementations of the standard.
Comment: One comment suggested that there may be weaknesses in the algorithms, and proposed a method to change the standard to address the perceived weaknesses.
Response: It would be more appropriate for the perceived weaknesses to be addressed in application standards such as the Federal Information Processing Standard for the Keyed-Hash Message Authentication Code (HMAC), which has been approved as FIPS 198, as opposed to addressing this in FIPS 180-2 itself. Furthermore, NIST expects to issue guidance on the implementation of secure hash functions.
Authority: Back to Top
Under section 5131 of the Information Technology Management Reform Act of 1996 and the Computer Security Act of 1987, the Secretary of Commerce is authorized to approve standards and guidelines for the cost effective security and privacy of sensitive information processed by federal computer systems.
Executive Order 12866: This notice has been determined not to be significant for purposes of E.O. 12866.
Dated: August 19, 2002.
Deputy Director, NIST.
[FR Doc. 02-21599 Filed 8-23-02; 8:45 am]
BILLING CODE 3510-CN-P