security

NIST issues SHA-3 cryptographic hash standard

The National Institute of Standards and Technology has released the final version of its Secure Hash Algorithm-3 standard, which it calls “a next-generation tool for securing the integrity of electronic information.”

The SHA-3 family of hash functions was developed through a public competition that drew 64 submissions for proposed hashing algorithms. The new standard, Federal Information Processing Standard (FIPS) 202, SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions, is based on an instance of the KECCAK algorithm that NIST selected as the winner of the SHA-3 Cryptographic Hash Algorithm Competition in October 2012.

A hash algorithm is a cryptographic tool that can create a digest – a unique string of bits of a specific length – specific to a digital document. Even a small change in the original message creates a change in the digest, making it easier to detect accidental or intentional changes to the original message. In an environment when most documents are created and used digitally, hashing is an essential tool for verifying the authenticity of documents and digital signatures. Hash functions also can be used for message authentication and to verify that software has not been tampered with. Other applications of cryptographic hash functions include pseudorandom bit generation, message authentication codes and key derivation functions, according to NIST.

SHA-3 is not the only family of hash functions that NIST approves for hashing electronic messages; the SHA-2 family, approved for use in 2002, remains secure and viable. The two standards will complement each other and offer more options to designers of both hardware and software, according to NIST’s Shu-jen Chang. Some of the SHA-3 functions can, for example, be implemented without requiring much additional circuitry on a chip, potentially making them useful alternatives for securing very small devices, he said.

"SHA-3 is very different from SHA-2 in design," Chang said. "It doesn't replace SHA-2, which has not shown any problem, but offers a backup. It takes years to develop a new standard, and we wanted to be prepared in case problems do occur."

About the Author

Connect with the GCN staff on Twitter @GCNtech.

Featured

  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/Shutterstock.com)

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected