NIST says agencies should begin move to stronger hashing tools

The National Institute of Standards and Technology is urging agencies to begin migrating away from the flawed SHA-1 hashing algorithm in favor of stronger algorithms.

A family of Secure Hashing Algorithms has been approved under Federal Information Processing Standard 180-2 for federal use to create a secure message digest, or a hash, of digital documents. Any alterations in the document will result in a different hash, so it can be used to time stamp, sign or otherwise authenticate a document. Like any cryptographic function, an algorithm's strength lies in its ability to resist attacks from increasingly powerful computers, and SHA-1 has been around since 1994.

Researchers reported last year that they had broken SHA-1 for some functions, prompting concern about its continued use.

"Due to advances in computing power, NIST already planned to phase out SHA-1 in favor of the larger and stronger hash functions (SHA-224, SHA-256, SHA-384 and SHA-512) by 2010," NIST said at that time, and advised agencies to "develop plans on a timely basis for an orderly transition."

NIST strengthened its recommendation Wednesday, saying "federal agencies should stop using SHA-1 for digital signatures, digital time stamping and other applications that require collision resistance as soon as practical."

After 2010, SHA-1 can be used only for hash-based message authentication codes, key derivation functions and random number generators.

"Regardless of use, NIST encourages application and protocol designers to use the SHA-2 family of hash functions for all new applications and protocols," NIST said.

About the Author

William Jackson is a freelance writer and the author of the CyberEye blog.
