New hash standard set
Secretary of Commerce Don Evans has approved a new secure hashing standard for sensitive but unclassified information. It will become mandatory Feb. 1.
Federal Information Processing Standard 180-2, developed by the National Institute of Standards and Technology, replaces FIPS 180-1. It uses three algorithms to produce longer hashes, or message digests, for digital signatures and message authentication.
Besides the SHA-1 algorithm from FIPS 180-1, which produces 160-bit message digests, FIPS 180-2 can produce 256-, 384- and 512-bit digests. Because SHA-1 is part of FIPS 180-2, products already certified under FIPS 180-1 can continue to be used after Feb. 1.
A hashing algorithm reduces a document to a series of digits, and it is 'computationally infeasible to find two different messages that produce the same message digest,' NIST said. Any change to the document will result in a different digest, or hash, which reveals the change.
William Jackson is a senior writer of GCN and the author of the CyberEye blog.