> DEPARTMENT OF COMMERCE
> National Institute of Standards and Technology
> [Docket No. 001214352-2097-02]
>
> Announcing Approval of Federal Information Processing Standard
> (FIPS) 180-2, Secure Hash Standard; a Revision of FIPS 180-1
>
> AGENCY: National Institute of Standards and Technology (NIST),
> Commerce.
FIPS 180-2 has been approved. This revision to the standard adds the 256-, 384-, and 512-bit output hash algorithms. Included in the announcement was a section of comments on the standard and responses by NIST to the comments. Of note...

> Comment: One comment suggested that there may be weaknesses in the
> algorithms, and proposed a method to change the standard to address the
> perceived weaknesses.
>
> Response: It would be more appropriate for the perceived weaknesses
> to be addressed in application standards such as the Federal
> Information Processing Standard for the Keyed-Hash Message
> Authentication Code (HMAC), which has been approved as FIPS 198, as
> opposed to addressing this in FIPS 180-2 itself. Furthermore, NIST
> expects to issue guidance on the implementation of secure hash
> functions.

The comments received on the standard are available on the NIST Computer Security Research Center (CSRC) web site (http://csrc.nist.gov) in a pdf (http://csrc.nist.gov/encryption/shs/dfips-180-2-comments1.pdf). That document contains the message by John Kelsey that discusses the "perceived" weakness being referred to in this comment.

The hash algorithms will not be tweaked to prevent this property. Besides being addressed in FIPS (and potentially other) standards that build upon these hash algorithms, guidance may be issued and it will then be left in the hands of implementers and standards developers. (I guess I am still struck by how RC4 was used in WEP.)

Is there any new (within 6 months) research on SHA-1, SHA-256, SHA-384, and/or SHA-512? Strengths, weaknesses, etc.? Pointers would be appreciated.

-Andrew

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
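NIST's response above points at FIPS 198 (HMAC) as the application-level construction in which hash-function weaknesses are to be handled rather than in FIPS 180-2 itself. As an added example, not part of Andrew's post or of any NIST document, the following Python writes out the FIPS 198 construction HMAC(K, text) = H((K0 xor opad) || H((K0 xor ipad) || text)) over the SHA-2 family using hashlib, and cross-checks it against Python's own hmac module. The sample key and message are constructed for this example; the known-answer vector in the self-check is test case 1 of RFC 4231.

```python
"""FIPS 198 HMAC built from a raw SHA-1/SHA-2 primitive (added example)."""
import hashlib
import hmac  # used only to cross-check the hand-built construction

IPAD_BYTE = 0x36
OPAD_BYTE = 0x5C


def hmac_fips198(key: bytes, message: bytes, hash_name: str = "sha256") -> bytes:
    """Compute HMAC(K, text) = H((K0 ^ opad) || H((K0 ^ ipad) || text)).

    K0 is the key brought to the hash's input block size B: a key longer
    than B bytes is first replaced by H(key); the result is then zero-padded
    on the right to exactly B bytes.  B is 64 for SHA-1 and SHA-256 and 128
    for SHA-384 and SHA-512, which is why it is read from hashlib rather
    than hard-coded.
    """
    block_size = hashlib.new(hash_name).block_size
    if len(key) > block_size:
        key = hashlib.new(hash_name, key).digest()
    k0 = key.ljust(block_size, b"\x00")
    ipad_key = bytes(b ^ IPAD_BYTE for b in k0)
    opad_key = bytes(b ^ OPAD_BYTE for b in k0)
    inner = hashlib.new(hash_name, ipad_key + message).digest()
    return hashlib.new(hash_name, opad_key + inner).digest()


def matches_stdlib(key: bytes, message: bytes, hash_name: str = "sha256") -> bool:
    """True when the hand-built HMAC agrees with Python's hmac module."""
    reference = hmac.new(key, message, hash_name).digest()
    return hmac.compare_digest(hmac_fips198(key, message, hash_name), reference)


# RFC 4231 test case 1 (HMAC-SHA-256): key = 20 bytes of 0x0b, text = "Hi There".
RFC4231_CASE1_KEY = b"\x0b" * 20
RFC4231_CASE1_TEXT = b"Hi There"
RFC4231_CASE1_SHA256 = (
    "b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7"
)

# Constructed sample inputs for the stand-alone run (not from the post).
SAMPLE_KEY = bytes(range(0x00, 0x14))
SAMPLE_MESSAGE = b"Sample message for keylen<blocklen"


def known_answer_ok() -> bool:
    """Self-check against the published RFC 4231 vector."""
    tag = hmac_fips198(RFC4231_CASE1_KEY, RFC4231_CASE1_TEXT, "sha256")
    return tag.hex() == RFC4231_CASE1_SHA256


if __name__ == "__main__":
    print("RFC 4231 known answer:", known_answer_ok())
    for name in ("sha1", "sha256", "sha384", "sha512"):
        tag = hmac_fips198(SAMPLE_KEY, SAMPLE_MESSAGE, name)
        print(f"HMAC-{name.upper()}: {tag.hex()}  stdlib agrees: "
              f"{matches_stdlib(SAMPLE_KEY, SAMPLE_MESSAGE, name)}")
    # A key longer than the block size exercises the pre-hash step of K0.
    print("long key, sha512:", matches_stdlib(b"k" * 200, SAMPLE_MESSAGE, "sha512"))
```

The point of building it by hand is to see that the construction only ever calls the hash as a black box; the key is folded in through the two padded blocks, and nothing about the compression function or its finalization is changed, which is exactly the division of responsibility NIST's response describes.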