U.S. Standards Body Looking To Boost Crypto Security

February 2, 2007

Hash algorithms are used widely by the federal government and others in various applications, such as digital signatures and message authentication. FIPS 180-2 specifies five cryptographic hash algorithms—SHA-1, SHA-224, SHA-256, SHA-384 and SHA-512. Because serious attacks have been reported in recent years against cryptographic hash algorithms, including SHA-1, NIST (National Institute of Standards and Technology is preparing the groundwork for a more secure hash standard.

As part of this preparation, The National Institute of Standards and Technology (NIST) is planning a competition to develop one or more cryptographic “hash” algorithms to augment and revise the current Secure Hash Standard (Federal Information Processing Standard 180-2). As a first step in this process, NIST is looking for comments on its recently published draft minimum acceptability requirements, submission requirements and evaluation criteria for candidate algorithms.

Hashing algorithms are mathematical procedures that take data, usually a message, and chop and combine it down into a much shorter number that is a “fingerprint” of the original data.

NIST says that good hash algorithms have two features—two different inputs are overwhelmingly likely to generate two different fingerprints, and given a specific fingerprint, there is no practical way of calculating a set of input data that will have the same fingerprint.