26 August 2002
Source: http://www.access.gpo.gov/su_docs/aces/fr-cont.html


[Federal Register: August 26, 2002 (Volume 67, Number 165)]
[Page 54786-54787]
From the Federal Register Online via GPO Access [wais.access.gpo.gov]



National Institute of Standards and Technology

[Docket No. 001214352-2097-02]

Announcing Approval of Federal Information Processing Standard 
(FIPS) 180-2, Secure Hash Standard; a Revision of FIPS 180-1

AGENCY: National Institute of Standards and Technology (NIST), 

ACTION: Notice.


SUMMARY: The Secretary of Commerce has approved FIPS 180-2, Secure Hash 
Standard, and has determined that the standard is compulsory and 
binding on Federal agencies for the protection of sensitive, 
unclassified information.
    FIPS 180-2, Secure Hash Standard, replaces FIPS 180-1, which was 
issued in 1992 and which specified an algorithm (SHA-1) for producing a 
160-bit output called a message digest. The message digest is a 
condensed representation of electronic data and is used in 
cryptographic processes such as digital signatures and message 
authentication. FIPS 180-2 includes three additional algorithms, which 
produce 256-bit, 384-bit, and 512-bit message digests. These expanded 
capabilities are compatible with and support the strengthened security 
requirements of FIPS 197, Advanced Encryption Standard.

EFFECTIVE DATE: This standard is effective February 1, 2003.
    Specifications: FIPS 180-2 is available on the NIST web page at: 

FOR FURTHER INFORMATION CONTACT: Ms. Elaine Barker, (301) 975-2911, 
National Institute of Standards and Technology, 100 Bureau Drive, STOP 
8930, Gaithersburg, Maryland 20899-8930. Email: elaine.barker@nist.gov.

SUPPLEMENTARY INFORMATION: A notice was published in the Federal 
Register (66 FR 29287) on May 30, 2001, announcing the proposed FIPS 
180-2, Secure Hash Standard, for public review and comment. The Federal 
Register notice solicited comments from the public, academic and 
research communities, manufacturers, voluntary standards organizations, 
and Federal, state, and local government organizations. In addition to 
being published in the Federal Register, the notice was posted on the 
NIST web pages; information was provided about the submission of 
electronic comments. Comments and responses were received from three 
private sector organizations

[[Page 54787]]

or individuals, and from one federal government organization.
    The comments raised technical issues related to the standard, asked 
for clarification of technical issues, and recommended editorial 
changes. None of the comments opposed the adoption of the revised 
Federal Information Processing Standard. All of the editorial and 
related comments were carefully reviewed, and changes were made to the 
standard where appropriate. NIST recommended that the Secretary approve 
FIPS 180-2. Following is an analysis of the comments received.
    Comment: NIST should provide a security evaluation of the 
algorithms added to FIPS 180-2, and give the rationale for the various 
design choices. Such an analysis would increase confidence in the 
algorithms and facilitate external evaluation.
    Response: The standard provides four secure hash algorithms, which 
differ in the number of bits of security provided for the data being 
processed. Secure hash algorithms are designed for use in conjunction 
with another algorithm, which may have requirements that the hash 
algorithm have a certain number of bits of security. For example, a 
digital signature algorithm that provides 128 bits of security may 
require that the secure hash algorithm also provide 128 bits of 
    NIST believes that these algorithms are secure because it is 
computationally infeasible to find a message that corresponds to a 
given message digest, or to find two different messages that produce 
the same message digest. It is highly probable that a change to a 
message will result in a different message digest.
    FIPS 180-2 includes the technical specifications for the four 
algorithms that have been selected to provide 160, 256, 384 and 512 
bits of security. NIST anticipates and invites external examination and 
scrutiny concerning the security of the algorithms.
    Comment: NIST should include a note in the standard indicating 
whether SHA-256 could be truncated to 160 bits for use as an 
alternative to SHA-1 (also 160 bits).
    Response: The use of hash functions will be addressed in 
application standards (e.g., in the upcoming revision of Federal 
Information Processing Standard 186-2, the Digital Signature Standard).
    Comment: NIST should mention in the standard that SHA-256 constants 
are easily extracted from the SHA-512 constants.
    Response: NIST believes that the decisions concerning the use of 
constants and how to extract them should be made by those organizations 
that develop implementations of the standard.
    Comment: One comment suggested that there may be weaknesses in the 
algorithms, and proposed a method to change the standard to address the 
perceived weaknesses.
    Response: It would be more appropriate for the perceived weaknesses 
to be addressed in application standards such as the Federal 
Information Processing Standard for the Keyed-Hash Message 
Authentication Code (HMAC), which has been approved as FIPS 198, as 
opposed to addressing this in FIPS 180-2 itself. Furthermore, NIST 
expects to issue guidance on the implementation of secure hash 

    Authority: Under section 5131 of the Information Technology 
Management Reform Act of 1996 and the Computer Security Act of 1987, 
the Secretary of Commerce is authorized to approve standards and 
guidelines for the cost effective security and privacy of sensitive 
information processed by federal computer systems.

    Executive Order 12866: This notice has been determined not to be 
significant for purposes of E.O. 12866.

    Dated: August 19, 2002.
Karen Brown,
Deputy Director, NIST.
[FR Doc. 02-21599 Filed 8-23-02; 8:45 am]