The National Institute of Science and Technology has set the requirements for its Cryptographic Hash Algorithm Contest
The National Institute of Science and Technology (NIST) recently announced a competition to create a new hash algorithm. Hashes are algorithms that convert blocks of data into a short fingerprint to use in message authentication, digital signatures, and other security applications.
The competition comes as advances in algorithm analysis make the current SHA-1 and SHA-2 family standards more vulnerable. NIST plans to have the new hash algorithm, which will be known as Secure Hash Algorithm-3 (SHA-3) augment the standards presently specified in the Federal Information Processing Standard (FIPS) 180-2, Secure Hash Standard. Federal civilian computers are required to use these standards, and many in the private sector adopt them as well.
In particular, the SHA-1 family has been seriously attacked in recent years. Due to the success of recent attacks, the NIST changed its policy for federal agencies, recommending in March of 2006 that it cease use of SHA-1 as soon as possible and move to SHA-2. The move to SHA-2 is required of all agencies as of 2010, with some exceptions for minor use such as message authentication codes, key derivation functions and random number generators.
NIST's goal is to provide greater security and efficiency for applications using cryptographic hash algorithms. A tentative timeline (PDF) was presented at the Second Cryptographic Hash Workshop held in August of 2006. The timeline was adjusted to take into consideration such practical things as other workshops to minimize travel for interested parties and the FIPS 180-2 reviews scheduled for 2007 and 2012.
A draft set of requirements for acceptability, submission and evaluation criteria were published in January of 2007 and after a three month open comment period, were revised. The actual requirements for the competition (PDF) were published to the federal register on November 2, 2007.
The entire process for the SHA-3 competition is similar to that of the past Advanced Encryption Standard competition that was held by NIST in years past.
FIPS 180-2 specifies five cryptographic hash algorithms: SHA-1, SHA-224, SHA-256, SHA-384 and SHA-512. Superseding FIPS 180-1 in August of 2002, FIPS 180-2 is already five years old, and with advances in cryptography and computing power, it's hard to be surprised that those algorithms have come under heavy attack.
Source:Daily Tech
Read More......
The National Institute of Science and Technology (NIST) recently announced a competition to create a new hash algorithm. Hashes are algorithms that convert blocks of data into a short fingerprint to use in message authentication, digital signatures, and other security applications.
The competition comes as advances in algorithm analysis make the current SHA-1 and SHA-2 family standards more vulnerable. NIST plans to have the new hash algorithm, which will be known as Secure Hash Algorithm-3 (SHA-3) augment the standards presently specified in the Federal Information Processing Standard (FIPS) 180-2, Secure Hash Standard. Federal civilian computers are required to use these standards, and many in the private sector adopt them as well.
In particular, the SHA-1 family has been seriously attacked in recent years. Due to the success of recent attacks, the NIST changed its policy for federal agencies, recommending in March of 2006 that it cease use of SHA-1 as soon as possible and move to SHA-2. The move to SHA-2 is required of all agencies as of 2010, with some exceptions for minor use such as message authentication codes, key derivation functions and random number generators.
NIST's goal is to provide greater security and efficiency for applications using cryptographic hash algorithms. A tentative timeline (PDF) was presented at the Second Cryptographic Hash Workshop held in August of 2006. The timeline was adjusted to take into consideration such practical things as other workshops to minimize travel for interested parties and the FIPS 180-2 reviews scheduled for 2007 and 2012.
A draft set of requirements for acceptability, submission and evaluation criteria were published in January of 2007 and after a three month open comment period, were revised. The actual requirements for the competition (PDF) were published to the federal register on November 2, 2007.
The entire process for the SHA-3 competition is similar to that of the past Advanced Encryption Standard competition that was held by NIST in years past.
FIPS 180-2 specifies five cryptographic hash algorithms: SHA-1, SHA-224, SHA-256, SHA-384 and SHA-512. Superseding FIPS 180-1 in August of 2002, FIPS 180-2 is already five years old, and with advances in cryptography and computing power, it's hard to be surprised that those algorithms have come under heavy attack.
Source:Daily Tech
