NIST Requests Public Comments on FIPS 180-4, Secure Hash Standard (SHS)

 NIST is in the process of a periodic review and maintenance of its
cryptography standards and guidelines.   

This announcement initiates the review of Federal Information Processing
Standard (FIPS) 180-4
Secure Hash
Standard (SHS)
, 2015.

NIST requests public
comments on all aspects of FIPS 180-4
. Additionally, NIST would
appreciate feedback on the following two areas of particular concern:

  1. SHA-1. In recent years, the cryptanalytic attacks on the SHA-1
    hash function have become increasingly severe and practical (see, e.g., the 2020
    paper “SHA-1 is a Shambles” by Leurent and Peyrin
    ).
    NIST, therefore, plans to remove SHA-1 from a revision of FIPS 180-4 and
    to deprecate and eventually disallow all uses of SHA-1. The Cryptographic
    Module Validation Program
     will establish a validation
    transition schedule.

     *  How will this plan impact fielded and
planned SHA-1 implementations?

   
 *  What should NIST consider in establishing the timeline for
disallowing SHA-1?

  1. Interface. The “Init, Update, Final” interface was part
    of the SHA-3 Competition submission requirements. Should a revision of
    FIPS 180-4 discuss the “Init, Update, Final” hash function interface?

 The public comment period is open through September 9, 2022. Comments
may address the concerns raised in this announcement or other issues around
security, implementation, clarity, risk, or relevance to current
applications.  

Send comments to [email protected] with
“Comments on FIPS 180-4” in the Subject. 

For more information about the review process, visit the Crypto
Publication Review Project page

Read
More