U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

NIST Requests Public Comments on SP 800-106, Randomized Hashing for Digital Signatures
January 13, 2022

NIST is in the process of a periodic review and maintenance of its cryptography standards and guidelines.   

Currently, we are reviewing the following publication: 

SP 800-106 provides a way to enhance the security of the cryptographic hash functions used in digital signatures by randomizing the messages.  

NIST requests feedback on all aspects of SP 800-106. Also, since SP 800-106 was originally published to address concerns about using SHA-1 for digital signatures, NIST would appreciate feedback on the following issues: 

  • Is this publication still needed, given the following?

    • SHA-1 has been deprecated for signature generation (per SP 800-131A Rev. 1).

    • The security of SHA-2—defined in FIPS 180-4—is better understood.

    • SHA-3 is defined in FIPS 202.  

  • Are there any existing or new use cases that depend on SP 800-106?  

The public comment period is open through March 16, 2022. Comments may address the concerns raised in this announcement or other issues around security, implementations, clarity, risk, or relevance to current applications.  

Send comments to cryptopubreviewboard@nist.gov with “Comments on SP 800-106” in the Subject. 

For more information about the review process, visit the Crypto Publication Review Project page

Parent Project

See: Crypto Publication Review Project

Related Topics

Security and Privacy: digital signatures, secure hashing

Created January 10, 2022, Updated January 13, 2022