Skip to Content

We invite you to try out our new beta eCFR site at We’ve made big changes to make the eCFR easier to use. Be sure to leave feedback using the 'Feedback' button on the bottom right of each page!


Announcing Draft Federal Information Processing Standard (FIPS) Publication 180-3, the Secure Hash Standard, and Request for Comments

Document Details

Information about this document as published in the Federal Register.

Document Statistics
Document page views are updated periodically throughout the day and are cumulative counts for this document. Counts are subject to sampling, reprocessing and revision (up or down) throughout the day.
Published Document

This document has been published in the Federal Register. Use the PDF linked in the document sidebar for the official electronic format.

Start Preamble


National Institute of Standards and Technology, Commerce.


Notice and request for comments.


This notice announces the Draft Federal Information Processing Standard (FIPS) 180-3, Secure Hash Standard (SHS), for public review and comment. The draft standard, designated “Draft FIPS 180-3,” is proposed to supersede FIPS 180-2. FIPS 180-2, Secure Hash Standard (SHS), August 2002, specifies secure hash algorithms (SHA) called SHA-1, SHA-256, SHA-384 and SHA-512. These algorithms produce 160, 256, 384, and 512-bit outputs, respectively, which are called message digests. An additional secure hash algorithm, called SHA-224, that produces a 224-bit output, is specified in Change Notice 1 to FIPS 180-2, which was issued in 2004. Draft FIPS 180-3 specifies five secure hash algorithms: SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512. The proposed standard is available at​publications/​drafts.html.

Prior to the submission of this proposed standard to the Secretary of Commerce for review and approval, it is essential that consideration be given to the needs and views of the public, users, the information technology industry, and Federal, State, and local government organizations. The purpose of this notice is to solicit such views.


Comments must be received by September 10, 2007.


Written comments may be sent to: Chief, Computer Security Division, Information Technology Laboratory, Attention: Comments on Draft FIPS 180-3, 100 Bureau Drive—Stop 8930, National Institute of Standards and Technology, Gaithersburg, MD 20899-8930. Electronic comments may be sent to: The current FIPS 180-2 and its proposed replacement, Draft FIPS 180-3, are available electronically at​publications/​index.html.

Comments received in response to this notice will be published electronically at​CryptoToolkit/​tkhash.html.

Start Further Info


For general information, contact: Elaine Barker, National Institute of Standards and Technology, Stop 8930, Gaithersburg, MD 20899-8930, telephone: 301-975-2911, e-mail: or via fax at 301-975-8670, or Quynh Dang, telephone: 301-975-3610, e-mail:

End Further Info End Preamble Start Supplemental Information


The changes between FIPS 180-2 and FIPS 180-3 are minor and are motivated by a desire to put informative information that is subject to change in a less formal publication that can be readily updated as necessary. FIPS 180-2 contained statements about the security strengths of the hash algorithms. However, the security strengths of the hashing algorithms, SHA-1, SHA-224, SHA-256, SHA-384 and SHA-512, might change due to future cryptanalysis; consequently, Draft FIPS 180-3 does not describe their security strengths. Instead, the security strengths will be specified in NIST Special Publications (SP) 800-57, Recommendation for Key Management, and discussed in NIST SP 800-107, Recommendation for Using Approved Hash Algorithms. These Special Publications will be periodically reviewed and updated if warranted by advances in the cryptanalysis of these hash algorithms. Examples of the implementation of these hash algorithms can be found at​CryptoToolkitExamples. NIST Special Publications are available at:​publications/​index.html.

Start Authority

Authority: NIST activities to develop computer security standards to protect Federal sensitive (unclassified) systems are undertaken pursuant to specific responsibilities assigned to NIST by section 20 of the National Institute of Standards and Technology Act (5 U.S.C. 278g-3) as amended by section 303 of the Federal Information Security Management Act of 2002 (Pub. L. 107-347). Executive Order 12866: This notice has been determined not to be significant for the purpose of Executive Order 12866.

End Authority Start Signature

Dated: June 5, 2007.

James M. Turner,

Deputy Director, NIST.

End Signature End Supplemental Information

[FR Doc. E7-11326 Filed 6-11-07; 8:45 am]