Skip to Content

Notice

Announcing Draft Federal Information Processing Standard (FIPS) Publication 198-1, the Keyed-Hash Message Authentication Code, and Request for Comments

Document Details

Information about this document as published in the Federal Register.

Published Document

This document has been published in the Federal Register. Use the PDF linked in the document sidebar for the official electronic format.

Start Preamble

AGENCY:

National Institute of Standards and Technology, Commerce.

ACTION:

Notice and request for comments.

SUMMARY:

This notice announces the Draft Federal Information Processing Standard (FIPS) 198-1, the Keyed-Hash Message Authentication Code (HMAC), for public review and comment. The draft standard, designated “Draft FIPS 198-1,” is proposed to supersede FIPS 198, the Keyed-Hash Message Authentication Code, issued March 2002. FIPS 198-1 specifies a keyed-hash message authentication code (HMAC), a mechanism for message authentication using cryptographic hash functions and shared secret keys. The proposed standard is available at http://csrc.nist.gov/​publications/​drafts.html.

Prior to the submission of this proposed standard to the Secretary of Commerce for review and approval, it is essential that consideration be given to the needs and views of the public, users, the information technology industry, and Federal, State, and local government organizations. The purpose of this notice is to solicit such views.

DATES:

Comments must be received by September 10, 2007.

ADDRESSES:

Written comments may be sent to: Chief, Computer Security Division, Information Technology Laboratory, Attention: Comments on Draft FIPS 198-1, 100 Bureau Drive—Stop 8930, National Institute of Standards and Technology, Gaithersburg, MD 20899-8930. Electronic comments may be sent to proposed198-1@nist.gov. with a subject line of Keyed-Hash Message Authentication Code. The current FIPS 198 and its proposed replacement, Draft FIPS 198-1, are available electronically at http://csrc.nist.gov/​publications/​index.html.

Comments received in response to this notice will be published electronically at http://csrc.nist.gov/​CryptoToolkit/​tkhash.html.

Start Further Info

FOR FURTHER INFORMATION CONTACT:

For general information, contact: Elaine Barker, National Institute of Standards and Technology, Stop 8930, Start Printed Page 32282Gaithersburg, MD 20899-8930, telephone: 301-975-2911 or via fax at 301-975-8670, e-mail: elaine.barker@nist.gov. or Quynh Dang, telephone: 301-975-3610, e-mail: quynh.dang@nist.gov.

End Further Info End Preamble Start Supplemental Information

SUPPLEMENTARY INFORMATION:

The changes between FIPS 198 and FIPS 198-1 are minor and are motivated by a desire to put informative information that may change in a separate, less formal publication that can be readily updated as necessary. FIPS 198 contained statements about the security provided by the HMAC algorithm and specified a truncation technique for the HMAC output. Since the security provided by the HMAC algorithm and its applications might be altered by future cryptanalysis, the security statements were not included in FIPS 198-1. The security of HMAC will be addressed in NIST Special Publications (SP) 800-57, Recommendation for Key Management, and 800-107, Recommendation for Using Approved Hash Algorithms. Draft FIPS 198-1 also does not include the truncation technique; the truncation technique of HMAC will be specified in the NIST Special Publication 800-107. Draft NIST Special Publications and NIST Special Publications are available at http://csrc.nist.gov/​publications/​index.html. Examples of the implementation of the HMAC algorithm can be found at http://www.nist.gov/​CryptoToolkitExamples. NIST will continue to review these examples and to update them as needed.

Start Authority

Authority: NIST activities to develop computer security standards to protect Federal sensitive (unclassified) systems are undertaken pursuant to specific responsibilities assigned to NIST to section 20 of the National Institute of Standards and Technology Act (15 U.S.C. 278g-3) as amended by section 303 of the Federal Information Security Management Act of 2002 (Pub. L. 107-347). This notice has been determined not to be significant for the purposes of Executive Order 12866.

End Authority Start Signature

Dated: June 5, 2007.

James M. Turner,

Deputy Director, NIST.

End Signature End Supplemental Information

[FR Doc. E7-11309 Filed 6-11-07; 8:45 am]

BILLING CODE 3510-13-P