NIST Cryptographic Sites  Useful Information for Public Key Infrastructure Implementors  Two of the NIST Computer Security Division's major project areas are encryption technology and validation of cryptographic modules. These areas are important building blocks for PKI implementations. This page contains pointers to important NIST cryptographic projects.  Secure Hash Algorithms FIPS 180-1, The Secure Hash Algorithm, is the approved algorithm for generating a secure hash of sensitive but unclassified messages by government agencies.  Assymmetric Encryption Algorithms FIPS 186, The Digital Signature Standard, is the approved algorithm for digitally signing sensitive but unclassified information by government agencies. NIST has proposed expanding the DSS to incorporate additional algorithms, such as ECDSA and RSA. NIST has proposed developing an assymetric key management FIPS. Cryptographic Module Validation Program FIPS 140-1, Security Requirements for Cryptographic Modules, is at the core of NIST's cryptographic standards validation testing activities.  NIST maintains a list of validated cryptomodules that have been tested for conformity to FIPS 140-1. Symmetric Encryption Algorithms FIPS 46-2, The Data Encryption Standard (DES), is the approved symmetric algorithm for protection of sensitive but unclassified information by government agencies. Triple DES has been recommended by NIST as an interim solution where the 56-bit key size for DES is insufficient. This guidance was codified in the Feb. '97 ITL bulletin. The ongoing Advanced Encryption Standard (AES) project will develop the successor to FIPS 46-2. Authentication FIPS 196, Entity Authentication Using Public Key Cryptography, uses strong cryptography to improve upon the security afforded by passwords.  A PKI provides a strong foundation for FIPS 196 implementations.

 

NIST PKI Home Page     CSRC Home Page   NIST's Homepage  NIST Security Division