NIST is in the process of a periodic review and maintenance of its
cryptography standards and guidelines.
This announcement initiates the review of Federal Information Processing
Standard (FIPS) 180-4, Secure Hash
Standard (SHS), 2015.
NIST requests public
comments on all aspects of FIPS 180-4. Additionally, NIST would
appreciate feedback on the following two areas of particular concern:
- SHA-1. In recent years, the cryptanalytic attacks on the SHA-1
hash function have become increasingly severe and practical (see, e.g., the 2020
paper “SHA-1 is a Shambles” by Leurent and Peyrin).
NIST, therefore, plans to remove SHA-1 from a revision of FIPS 180-4 and
to deprecate and eventually disallow all uses of SHA-1. The Cryptographic
Module Validation Program will establish a validation
transition schedule.
* How will this
plan impact fielded and planned SHA-1 implementations?
* What should NIST consider in establishing the timeline for disallowing
SHA-1?
- Interface. The “Init, Update, Final” interface was part
of the SHA-3 Competition submission requirements. Should a revision of
FIPS 180-4 discuss the “Init, Update, Final” hash function interface?
The public comment period is open through September 9, 2022. Comments
may address the concerns raised in this announcement or other issues around
security, implementation, clarity, risk, or relevance to current
applications.
Send comments to cryptopubreviewboard@nist.gov with
“Comments on FIPS 180-4” in the Subject.
For more information about the review process, visit the Crypto
Publication Review Project page.