Home Archive RSS/XML Subscribe Shop

[ISN] Updates readied for cryptographic hashes

From: InfoSec News <alerts_at_infosecnews.org>
Date: Thu 14 Jun 2007 - 00:09:30 CDT
http://www.gcn.com/online/vol1_no1/44453-1.html

By William Jackson
GCN Staff
06/13/07 

The National Institute of Standards and Technology has revised two 
Federal Information Processing Standards specifying algorithms for 
cryptographic hashing. Drafts of FIPS 180-3 [1] and FIPS 198-1 [2] have 
been released for three months of public comment.

FIPS 180-3 replaces Publication 180-2 and specifies five secure hash 
algorithms (SHAs). The algorithms, when combined with a message, produce 
a message digest that should be unique to the original message. These 
can be used for digital signatures and message authentication codes. In 
the new draft, SHA-1, SHA-224 and SHA-256 are used to produce digests of 
shorter messages, while SHA-384 and SHA-512 can be used for longer 
messages. They produce digests ranging in length from 160 to 512 bits, 
depending on the algorithm used.

The algorithms are called secure because it is unlikely that the 
original message could be derived from the digest produce by the 
algorithm, or that the algorithm could produce the same digest for more 
than one message. This gives a high probability that each digest is 
unique to its message and that the digest can be used to accurately 
verify a digital signature or a message authentication code.

FIPS 198-1 replaces Publication 198 and specifies an algorithm for 
applications requiring message authentication. Using a secret key that 
is shared with the intended recipient of a message, the sender produces 
a code or message digest unique to the message being sent. The recipient 
uses the same key to produce a code of the message being received. If 
the codes match, the recipient can be sure that the message has not been 
altered and that it came from the other holder of the key.

Comments are being accepted on both proposed standards until Sept. 10. 
Comments should be sent either to proposed180-3 (at) nist.gov or to 
proposed198-1 (at) nist.gov, with a subject line that reads Comments on 
draft 180-3 or Comments on draft 198-1.

[1] http://csrc.nist.gov/publications/drafts/fips_180-3/draft_fips-180-3_June-08-2007.pdf
[2] http://csrc.nist.gov/publications/drafts/fips_198-1/draft_FIPS-198-1_June-08-2007.pdf
Received on Thu Jun 14 00:09:30 2007
Google
 
Web www.infosecnews.org
© Copyright 2007 InfoSec News
Home Archive RSS/XML Subscribe Shop Privacy