NIST, Computer Security Division, Computer Security Resource Center
Secure Hashing
Approved Algorithms
There are five (5) Approved algorithms for generating a condensed representation of a message (message digest): SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512.
March 15, 2006: The SHA-2 family of hash functions (i.e., SHA-224, SHA-256, SHA-384 and SHA-512) may be used by Federal agencies for all applications using secure hash algorithms. Federal agencies should stop using SHA-1 for digital signatures, digital time stamping and other applications that require collision resistance as soon as practical, and must use the SHA-2 family of hash functions for these applications after 2010. After 2010, Federal agencies may use SHA-1 only for the following applications: hash-based message authentication codes (HMACs); key derivation functions (KDFs); and random number generators (RNGs). Regardless of use, NIST encourages application and protocol designers to use the SHA-2 family of hash functions for all new applications and protocols.
SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512
FIPS 180-3, Secure Hash Standard (SHS), October 2008
FIPS 180-3 is a revision of FIPS 180-2. The FIPS specifies five secure hash algorithms for use in computing a condensed representation, called a message digest, of electronic data. The technical information about the security provided by the secure hash algorithms, and the length limits and security implications of truncated hash outputs is provided in Special Publication (SP) 800-107, Recommendation for Applications Using Approved Hash Algorithms (currently in draft form).
In August, 2004, researchers announced that they discovered a new way to break a number of cryptographic hash algorithms. Those initial attacks did not break any of the SHA family algorithms, as is reflected in NIST's comments at that time.
In February, 2005, however, researchers announced an attack on the full SHA-1 algorithm. Click here for NIST's brief comments on these latest attacks. (Statement revised April 25, 2006.)
NIST announces the release of 2nd draft Special Publication 800-106, Randomized Hashing for Digital Signatures. This Recommendation provides a technique to randomize messages that are input to a cryptographic hash functions during the generation of digital signatures. Please submit comments to quynh.dang@nist.gov with "Comments on Draft 800-106" in the subject line. The comment period closed on September 5, 2008.
NIST announces the release of the 2nd draft Special Publication 800-107, Recommendation for Applications Using Approved Hash Algorithms. This document provides security guidelines for achieving the required or desired security strengths when using cryptographic applications that employ the approved cryptographic hash functions specified in Federal Information Processing Standard (FIPS) 180-3, such as digital signature applications, Keyed-hash Message Authentication Codes (HMACs) and Hash-based Key Derivation Functions (HKDFs). Please submit comments to quynh.dang@nist.gov with "Comments on Draft 800-107" in the subject line. The comment period closed on October 9, 2008.
Second Cryptographic Hash Workshop August 24-25, 2006, UCSB, Santa Barbara
NIST plans to host a series of public workshops to focus on hash function research in preparation for developing additional hash function(s) through a public competition.
Back to TopTesting Products
Testing requirements and validation lists are available from the Cryptographic Algorithm Validation Program (CAVP).
Back to TopAdditional Information
Second Cryptographic Hash Workshop August 24-25, 2006, UCSB, Santa Barbara
As a follow-up to the first Cryptographic Hash Workshop held on Oct. 31-Nov. 1, 2005, NIST plans to host a series of public workshops to focus on hash function research in preparation for developing additional hash function(s) through a public competition. The next workshop will be held on August 24-25 at UCSB, Santa Barbara, in conjunction with Crypto 2006.
Cryptographic Hash Workshop October 31 - November 1, 2005
Recently a team of researchers reported that the SHA-1 function offers significantly less collision resistance than could be expected from a cryptographic hash function of its ouput size. NIST hosted a workshop to solicit public input in how best to respond to the current state of research in this area. An agenda and presentations from this workshop are available.