A revision of Federal Information Processing Standard (FIPS) 180, Secure Hash Standard (SHS), is being proposed. This proposed revision corrects a technical flaw that made the standard less secure than had been thought. The algorithm is still reliable as a security mechanism, but the correction returns the SHS to the original level of security.
The SHS produces a 160-bit output called a message digest for a message of any size. This message digest can be used with FIPS 186, Digital Signature Standard (DSS), to compute a signature for the message. The same message digest should be obtained by the verifier of the signature when the received version of the message is used as input to the Secure Hash Algorithm (SHA). Any change to the message in transmit should produce a different message digest, indicating to the verifier that a change has been made to the message. The purpose of this notice is to solicit views from the public, manufacturers, and Federal, state, and local government users prior to submission of this proposed revision to the Secretary of Commerce for review and approval. The proposed revision contains two sections: (1) An announcement, which provides information concerning the applicability, implementation, and maintenance of the standard; and (2) specifications which deal with the technical aspects of the standard. Only the announcement section of the standard is provided in this notice. I
DATES: Comments on this proposed revision must be received on or before October 11, 1994.