In August 2021, NIST’s Crypto Publication Review Board initiated a process to review NIST Special Publication (SP) 800-107 Revision 1, Recommendation
for Applications Using Approved Hash Algorithms. SP 800-107 Rev. 1 discusses
the security strengths of hash functions and provides recommendations on
digital signatures, HMAC, hash-based key derivation functions, random number
generation, and the truncation of hash functions. See the initial public comments received by NIST.
On June 8, 2022, NIST proposed the
withdrawal of SP 800-107 Rev. 1 and called for comments on that
decision proposal. See the decision proposal comments received by NIST.
After considering the received
comments, NIST is planning to withdraw SP 800-107 Rev. 1. Since
the publication of SP 800-107 Rev. 1 in 2012, NIST has published (or revised)
multiple recommendations that cover hash functions in different applications in
more detail (e.g., SP 800-90A/B/C, SP 800-56A/B/C, SP 800-131A, SP 800-133, SP
800-135). In order to keep specific use requirements for a primitive in their
most relevant publications—and avoid duplicating them in a separate
publication—NIST has decided to withdraw SP 800-107 Rev. 1.
NIST has moved the supplementary material currently in SP 800-107
Rev. 1 to NIST’s hash functions webpage. Next, NIST will move the
requirements listed in SP 800-107 Rev.1 that are not currently addressed in
other standards to a new Implementation Guidance (IG)
developed by the Cryptographic Module Validation Program (CMVP).
These requirements will again be considered when hash-function-related
standards are revised. Once the new IG has been published, NIST will
withdraw SP 800-107 Rev. 1.
Information about the review process is available at NIST’s Crypto Publication Review Project.