New version of FIPS hashing standard approved

The Commerce Department has approved a revised Federal Information Processing Standard (FIPS) specifying an algorithm for applications requiring message authentication.

FIPS Publication 198-1, titled 'The Keyed-Hash Message Authentication Code (HMAC),' replaces FIPS Publication 198. A draft of the new standard was released by the National Institute of Standards and Technology in 2007; the revised version became effective Tuesday with publication of a notice in the Federal Register.

The Message Authentication Code uses a secret key that is shared with the intended recipient. The sender uses the key to produce a hash, or message digest, unique to the message being sent. The recipient uses the same key to produce a hash of the message being received. If the hashes match, the recipient can be sure that the message has not been altered and that it came from the other holder of the key. FIPS 198-1 specifies a mechanism for message authentication using cryptographic hash functions in federal information systems.
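The sender and recipient steps described above, shown as an added example that is not part of the original article. It builds the HMAC construction from a hash function and checks a received tag; the choice of SHA-256, the function names, the key and the message are assumptions made for illustration.

```python
import hashlib
import hmac

BLOCK_SIZE = 64  # SHA-256 input block size in bytes


def hmac_sha256(key: bytes, message: bytes) -> bytes:
    """HMAC built from SHA-256: H((K0 ^ opad) || H((K0 ^ ipad) || text))."""
    # A key longer than one block is hashed first; K0 is then zero-padded to a block.
    if len(key) > BLOCK_SIZE:
        key = hashlib.sha256(key).digest()
    k0 = key.ljust(BLOCK_SIZE, b"\x00")
    ipad = bytes(b ^ 0x36 for b in k0)
    opad = bytes(b ^ 0x5C for b in k0)
    inner = hashlib.sha256(ipad + message).digest()
    return hashlib.sha256(opad + inner).digest()


def verify(key: bytes, message: bytes, tag: bytes) -> bool:
    """Recipient side: recompute the tag and compare it in constant time."""
    return hmac.compare_digest(hmac_sha256(key, message), tag)


# Constructed sample values, for illustration only.
SHARED_KEY = b"constructed-demo-key-not-for-production"
MESSAGE = b"transfer 100 to account 42"

if __name__ == "__main__":
    tag = hmac_sha256(SHARED_KEY, MESSAGE)  # sender computes the tag
    print("tag:", tag.hex())
    print("genuine message accepted:", verify(SHARED_KEY, MESSAGE, tag))
    print("altered message accepted:", verify(SHARED_KEY, MESSAGE + b"0", tag))
    print("wrong key accepted:", verify(b"other-key", MESSAGE, tag))
```

The comparison uses `hmac.compare_digest` rather than `==` so that the time taken to reject a tag does not depend on how many leading bytes happen to match.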

NIST received comments and questions from three federal government organizations and two from the public when the draft publication was released last year. Most comments concerned editorial or typographical changes. The primary change is that NIST removed some specific technical details that could require frequent updating. Putting this information in a separate publication rather than including it in the standard itself will let NIST update that information more quickly.

According to the publication, 'the length of truncated HMAC outputs and their security implications in FIPS 198 is not mentioned in this Standard; instead, it is described in SP [Special Publication] 800-107. The discussion about the limitations of MAC algorithms has been moved to SP 800-107.'

The information is included in SP 800-107, 'Recommendation for Applications Using Approved Hash Algorithms.'

About the Author

William Jackson is a Maryland-based freelance writer.

