The Inner Circle

 View Only

NIST Requests Public Comments on FIPS 180-4, Secure Hash Standard (SHS)

  • 1.  NIST Requests Public Comments on FIPS 180-4, Secure Hash Standard (SHS)

    Posted Aug 19, 2022 02:37:00 PM
      |   view attached
    Hi All,

    NIST Requests Public Comments on FIPS 180-4, Secure Hash Standard (SHS)

    NIST is in the process of a periodic review and maintenance of its cryptography standards and guidelines.

    This announcement initiates the review of Federal Information Processing Standard (FIPS) 180-4, Secure Hash Standard (SHS), 2015.

    NIST requests public comments on all aspects of FIPS 180-4. Additionally, NIST would appreciate feedback on the following two areas of particular concern:

    1. SHA-1. In recent years, the cryptanalytic attacks on the SHA-1 hash function have become increasingly severe and practical (see, e.g., the 2020 paper "SHA-1 is a Shambles" by Leurent and Peyrin). NIST, therefore, plans to remove SHA-1 from a revision of FIPS 180-4 and to deprecate and eventually disallow all uses of SHA-1. The Cryptographic Module Validation Program will establish a validation transition schedule.
    * How will this plan impact fielded and planned SHA-1 implementations?
    * What should NIST consider in establishing the timeline for disallowing SHA-1?

    2. Interface. The "Init, Update, Final" interface was part of the SHA-3 Competition submission requirements. Should a revision of FIPS 180-4 discuss the "Init, Update, Final" hash function interface?
    The public comment period is open through September 9, 2022. Comments may address the concerns raised in this announcement or other issues around security, implementation, clarity, risk, or relevance to current applications.
    Send comments to [email protected] with "Comments on FIPS 180-4" in the Subject.

    ------------------------------
    Michael Roza CPA, CISA, CIA, MBA, Exec MBA
    ------------------------------