New version of FIPS hashing standard approved

The Commerce Department has approved a revised Federal Information Processing Standard (FIPS) specifying an algorithm for applications requiring message authentication.

FIPS Publication 198-1, titled 'The Keyed-Hash Message Authentication Code (HMAC)' replaces FIPS Publication 198. A draft of the new standard was released by the National Institute of Standards and Technology in 2007; the revised version became effective Tuesday with publication of a notice in the Federal Register.

The Message Authentication Code uses a secret key that is shared with the intended recipient. The sender uses the key to produce a hash, or message digest, unique to the message being sent. The recipient uses the same key to produce a hash of the message being received. If the hashes match, the recipient can be sure that the message has not been altered and that it came from the other holder of the key. FIPS 198-1 specifies a mechanism for message authentication using cryptographic hash functions in federal information systems.

NIST received comments and questions from three federal government organizations and two from the public when the draft publication was released last year. Most comments concerned editorial or typographical changes. The primary change is that NIST removed some specific technical details that could require frequent updating. Putting this information in a separate publication rather than including it in the standard itself will let NIST update that information more quickly.

According to the publication, 'the length of truncated HMAC outputs and their security implications in FIPS 198 is not mentioned in this Standard; instead, it is described in SP [Special Publication] 800-107. The discussion about the limitations of MAC algorithms has been moved to SP 800-107.'

The information is included in SP 800-107, 'Recommendation for Applications Using Approved Hash Algorithms.'

About the Author

William Jackson is a Maryland-based freelance writer.


  • 2020 Government Innovation Awards
    Government Innovation Awards -

    21 Public Sector Innovation award winners

    These projects at the federal, state and local levels show just how transformative government IT can be.

  • Federal 100 Awards
    cheering federal workers

    Nominations for the 2021 Fed 100 are now being accepted

    The deadline for submissions is Dec. 31.

Stay Connected