National Institute of Standards and Technology (NIST), Commerce.
The Secretary of Commerce approves FIPS 198, The Keyed-Hash Message Authentication Code (HMAC), and makes it compulsory and binding on Federal agencies for the protection of sensitive, unclassified information. FIPS 198 is an essential component of a comprehensive group of cryptographic techniques that government agencies need to protect data, communications, and operations. The Keyed-Hash Message Authentication Code specifies a cryptographic process for protecting the integrity of information and verifying the sender of the information. This FIPS will benefit federal agencies by providing a robust cryptographic algorithm that can be used to protect sensitive electronic data for many years.
This standard is effective August 6, 2002.
FOR FURTHER INFORMATION CONTACT:
Ms. Elaine Barker, (301) 975-2911, National Institute of Standards and Technology, 100 Bureau Drive, STOP 8930, Gaithersburg, MD 20899-8930.
A copy of FIPS 198 is available electronically from the NIST website at: http://csrc.nist.gov/publications/drafts/dfips-HMAC.pdf.
A notice was published in the Federal Register (Volume 66, Number 4, pp.1088-9) on January 5, 2001, announcing the proposed FIPS for Keyed-Hash Message Authentication Code (HMAC) for public review and comment. The Federal Register notice solicited comments from the public, academic and research communities, manufacturers, voluntary standards organizations, and Federal, state, and local government organizations. In addition to being published in the Federal Register, the notice was posted on the NIST Web pages; information was provided about the submission of electronic comments. Comments and responses were received from four individuals and private sector organizations, and from one Canadian government organization. None of the comments opposed the adoption of the Keyed-Hash Message Authentication Code (HMAC) as a Federal Information Processing Standard. Some comments offered editorial suggestions that were reviewed. Changes were made to the standard where appropriate.
Following is an analysis of the technical and related comments received.
Comment: A comment expressed concern about the security of the recommended FIPS. It specifies a 32-bit MAC, as compared to a requirement of a voluntary industry standard of the retail banking community for an 80-bit MAC (using the Triple Data Encryption Algorithm). Also a clarification was requested concerning the requirement in the recommended FIPS for “periodic key changes.”
Response: HMAC for the banking community is specified in a draft voluntary industry standard (ANSI X9.71), and mandates an 80-bit MAC. This recommended FIPS is based on that draft standard, but was written to allow the 32-bit MAC, which is used by the banking community and in other applications where there is little risk in the use of a relatively short MAC. NIST believes that the strengths of the 32-bit HMAC and the Triple DES MAC against collision-type attacks mentioned in the comment are equivalent; collision-type attacks use trial and error tactics to try to guess the MAC. NIST believes that the recommended FIPS provides adequate security, and that it will encourage a broad application of message authentication techniques.
NIST believes that changing keys periodically is a good practice. This issue is not addressed in ANSI X9.71. Key changes are recommended even when very strong algorithms with large keys are used, since keys can be compromised in ways that do not depend on the strength of the algorithm. The recommended FIPS does not specify how often keys should be changed. This will be addressed in a guidance document on key management that is currently under development. Information about this guidance document is posted on NIST's web pages (http://www.nist.gov/kms).
Comment: A comment suggested that a table of equivalent key sizes for different algorithms was needed, and that the values allowed for the key size and MAC length should be more restrictive.
Response: Advice about key sizes and the equivalent sizes between different cryptographic algorithms is more properly addressed in FIPS 180-1, Secure Hash Standard (currently under revision as FIPS 180-2) and the planned guidance document on key management. With regard to restrictions on the key size and MAC length, NIST believes that the marketplace will determine the predominating sizes.
Comment: A comment recommended that references to and examples of new hash algorithms (SHA-256, SHA-384 and SHA-512) be included.
Response: The new hash algorithms mentioned have not yet been approved for use. NIST believes that it is inappropriate to provide references to and examples of algorithms that are not yet approved standards. When the new hash algorithms have been approved, examples using these algorithms will be available on NIST's web pages (http://www.nist.gov/cryptotoolkit).
Comment: A comment recommended that OIDs (Object Identifiers) should be included for HMAC using the new hash algorithms mentioned above.
Response: The need for different object identifiers keeps changing. In addition, the new hash algorithms have not been approved as standards. Therefore, NIST believes that OIDs should not be included in this recommended standard. A reference to a NIST web site has been provided in the standard to help users obtain HMAC OIDs.
Comment: An observation was made regarding the different restrictions for the key size and MAC size (truncated output) for the recommended FIPS, for RFC 2104 and for ANSI X9.71. The comment mentioned incompatibilities when products are validated against these standards.
E.O. 12866: This notice has been determined to be significant for the purposes of E.O. 12866.
Dated: March 25, 2002.
Karen H. Brown,
[FR Doc. 02-7880 Filed 4-1-02; 8:45 am]
BILLING CODE 3510-CN-P