U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

Secure websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to our website. Please do not share sensitive information with us.

NIST Requests Public Comments on FIPS 180-4, Secure Hash Standard (SHS)
June 09, 2022

NIST is in the process of a periodic review and maintenance of its cryptography standards and guidelines.   

This announcement initiates the review of Federal Information Processing Standard (FIPS) 180-4, Secure Hash Standard (SHS), 2015.

NIST requests public comments on all aspects of FIPS 180-4. Additionally, NIST would appreciate feedback on the following two areas of particular concern:

  1. SHA-1. In recent years, the cryptanalytic attacks on the SHA-1 hash function have become increasingly severe and practical (see, e.g., the 2020 paper "SHA-1 is a Shambles" by Leurent and Peyrin). NIST therefore plans to remove SHA-1 from a revision of FIPS 180-4 and to deprecate and eventually disallow all uses of SHA-1. The Cryptographic Module Validation Program will establish a validation transition schedule.
    • How will this plan impact fielded and planned SHA-1 implementations?
    • What should NIST consider in establishing the timeline for disallowing SHA-1?
  2. Interface. The "Init, Update, Final" interface was part of the SHA-3 Competition submission requirements. Should a revision of FIPS 180-4 discuss the “Init, Update, Final” hash function interface?

The public comment period is open through September 9, 2022. Comments may address the concerns raised in this announcement or other issues around security, implementation, clarity, risk, or relevance to current applications.  

Send comments to cryptopubreviewboard@nist.gov with “Comments on FIPS 180-4” in the Subject. 

For more information about the review process, visit the Crypto Publication Review Project page

Related Topics

Security and Privacy: secure hashing

Created June 09, 2022