Updates readied for cryptographic hashes

Updates readied for cryptographic hashes
Updates readied for cryptographic hashes 

By William Jackson
GCN Staff

The National Institute of Standards and Technology has revised two 
Federal Information Processing Standards specifying algorithms for 
cryptographic hashing. Drafts of FIPS 180-3 [1] and FIPS 198-1 [2] have 
been released for three months of public comment.

FIPS 180-3 replaces Publication 180-2 and specifies five secure hash 
algorithms (SHAs). The algorithms, when combined with a message, produce 
a message digest that should be unique to the original message. These 
can be used for digital signatures and message authentication codes. In 
the new draft, SHA-1, SHA-224 and SHA-256 are used to produce digests of 
shorter messages, while SHA-384 and SHA-512 can be used for longer 
messages. They produce digests ranging in length from 160 to 512 bits, 
depending on the algorithm used.

The algorithms are called secure because it is unlikely that the 
original message could be derived from the digest produce by the 
algorithm, or that the algorithm could produce the same digest for more 
than one message. This gives a high probability that each digest is 
unique to its message and that the digest can be used to accurately 
verify a digital signature or a message authentication code.

FIPS 198-1 replaces Publication 198 and specifies an algorithm for 
applications requiring message authentication. Using a secret key that 
is shared with the intended recipient of a message, the sender produces 
a code or message digest unique to the message being sent. The recipient 
uses the same key to produce a code of the message being received. If 
the codes match, the recipient can be sure that the message has not been 
altered and that it came from the other holder of the key.

Comments are being accepted on both proposed standards until Sept. 10. 
Comments should be sent either to proposed180-3 (at) or to 
proposed198-1 (at), with a subject line that reads Comments on 
draft 180-3 or Comments on draft 198-1.


Attend Black Hat USA, July 28-August 2 in Las Vegas, 
the world's premier technical event for ICT security 
experts. Featuring 30 hands-on training courses and 
90 Briefings presentations with lots of new content 
and new tools. Network with 4,000 delegates from 
70 nations.   Visit product displays by 30 top
sponsors in a relaxed setting. Rates increase on 
June 1 so register today. 

Site design & layout copyright © 1986-2014 CodeGods