New version of FIPS hashing standard approved
- By William Jackson
- Jul 30, 2008
The Commerce Department has approved a revised Federal Information Processing Standard (FIPS) specifying an algorithm for applications requiring message authentication.FIPS Publication 198-1
, titled 'The Keyed-Hash Message Authentication Code (HMAC)' replaces FIPS Publication 198. A draft of the new standard was released by the National Institute of Standards and Technology in 2007; the revised version became effective Tuesday with publication of a notice
in the Federal Register
The Message Authentication Code uses a secret key that is shared with the intended recipient. The sender uses the key to produce a hash, or message digest, unique to the message being sent. The recipient uses the same key to produce a hash of the message being received. If the hashes match, the recipient can be sure that the message has not been altered and that it came from the other holder of the key. FIPS 198-1 specifies a mechanism for message authentication using cryptographic hash functions in federal information systems.
NIST received comments and questions from three federal government organizations and two from the public when the draft publication was released last year. Most comments concerned editorial or typographical changes. The primary change is that NIST removed some specific technical details that could require frequent updating. Putting this information in a separate publication rather than including it in the standard itself will let NIST update that information more quickly.
According to the publication, 'the length of truncated HMAC outputs and their security implications in FIPS 198 is not mentioned in this Standard; instead, it is described in SP [Special Publication] 800-107. The discussion about the limitations of MAC algorithms has been moved to SP 800-107.'
The information is included in SP 800-107
, 'Recommendation for Applications Using Approved Hash Algorithms.'
William Jackson is a Maryland-based freelance writer.