New standard boosts security for digital docs
A new federal standard for Secure Hash Algorithms has been approved with two new algorithms tailored for 64-bit computing platforms.
The newly approved algorithms now are included in Federal Information Processing Standard 180-4, which was released by the National Institute of Standards and Technology March 6, replacing the previous version, FIPS 180-3.
Secure Hash Algorithms are cryptographic tools that create a unique message digest, or “fingerprint,” that can be used to verify that the contents of a digital document have not been altered. Running a hash algorithm against a digital message creates a digest, or string of bits of a specific length, that is unique to the message.
Secure hash competition down to the final 5
The algorithms specified in the standard are deemed secure because each digest is unique to the message it is associated with and it is mathematically unlikely that the contents of a “hashed” message could be derived from the message digest. This means that if a message is changed by a third party, the hash digests will no longer match, exposing the fact that it has been altered.
The previous standard contained five algorithms, SHA-1; and SHA-224, 256, 384 and 512, collectively known as SHA-2. Each algorithm produces a message digest of a specific length: SHA-1 produces a digest of 160 bits, SHA-224 produces one of 224 bits, and so on.
The new standard adds to this list SHA-512/224 and SHA-512/256. These are based on the SHA-512 algorithm, but produce a truncated digest of 224 or 256 bits, respectively. They are being added because they might be a more efficient alternative on platforms that are optimized for 64-bit operations.
NIST is in the process of a multiyear competition to find the next secure hash algorithm, SHA-3, which expected to be selected this year. The field of possible algorithms was whittled down in January to the final five from an initial field of 51. SHA-3 will be added to and eventually replace the algorithms now specified in FIPS 180-4. The competition for SHA-3 was opened in 2007 after weaknesses were discovered in the existing algorithms. Despite the weaknesses, they have not yet been cracked.
Other SHA-512-based algorithms could be specified as standards in the future as the need arises. When the new FIPS was opened for comment last year, NIST received a request that a SHA-512/160 also be approved. But NIST replied that “there is not much demand for a new SHA-512-based hash algorithm with 160-bit hash output at this time, since generating digital signatures using 160-bit hash values will be not approved after the year 2013.”
The new standard also removes a requirement for a preprocessing step called padding that is done before hash computation begins. Padding is the addition of bits to a message being hashed so that its length is a multiple of 512 or 1024 bits, depending on the algorithm being used. Under FIPS 180-4 padding can be inserted either before hash computation begins or at any other time during the hash computation as long as it is done before processing the message blocks containing the padding.