30 May 2001
Source: http://www.access.gpo.gov/su_docs/aces/fr-cont.html

-------------------------------------------------------------------------

[Federal Register: May 30, 2001 (Volume 66, Number 104)]
[Notices]               
[Page 29287]
From the Federal Register Online via GPO Access [wais.access.gpo.gov]
[DOCID:fr30my01-28]                         


[[Page 29287]]

-----------------------------------------------------------------------

DEPARTMENT OF COMMERCE

National Institutes of Standards and Technology

[Docket No. 001214352-0352-01]
RIN 0693-AB34

 
Announcing Draft Federal Information Processing Standards (FIPS) 
180-2, Secure Hash Standard, and Request for Comments

AGENCY: National Institutes of Standards and Technology (NIST), 
Commerce.

ACTION: Notice, request for comments.

-----------------------------------------------------------------------

SUMMARY: This notice announces Draft Federal Information Processing 
Standard (FIPS) 180-2, Secure Hash Standard (SHS), for public review 
and comment. The draft standard, designated ``Draft FIPS 180-2,'' is 
proposed to supersede FIPS 180-1.
    Published in 1992, FIPS 180-1 specified that the standard be 
reviewed within five years. The standard specifies a secure hash 
algorithm, designated SHA-1, which produces a 160-bit output called a 
message digest. To provide for comparability with the anticipated 
increase in security to be afforded by the use of the Advanced 
Encryption Standard (currently under development), NIST is proposing 
the expansion of the hash standard to include additional algorithms 
that produce a 256-bit, 384-bit, and 512-bit message digest. The 
proposed standard is available at http://www.nist.gov/sha.
    Prior to the submission of this proposed standard to the Secretary 
of Commerce for review and approval, it is essential that consideration 
is given to the needs and views of the public, users, the information 
technology industry, and Federal, State, and local government 
organizations. The purpose of this notice is to solicit such views.

DATES: Comments must be received on or before August 28, 20001.

ADDRESSES: Written comments may be sent to: Chief, Computer Security 
Division, Information Technology Laboratory, Attention: Comments on 
Draft FIPS 180-2, 100 Bureau Drive, Stop 8930, National Institute of 
Standards and Technology, Gaithersburg, MD 20899-8930.
    Electronic Comments may be sent to: Proposed 180-2@nist.gov.
    The current FIPS 180-1 and its proposed replacement, Draft FIPS 
180-2, are available electronically at http://www.nist.gov/sha.
    Comments received in response to this notice will be published 
electronically at http://www.nist.gov/sha.

FOR FURTHER INFORMATION CONTACT: Elaine Barker, Computer Security 
Division, National Institutes of Standards and Technology, 
Gaithersburg, MD 20899-8930, telephone (301) 975-2911, e-mail: 
elaine.barker@nist.gov.

SUPPLEMENTARY INFORMATION: FIPS 180-1, Secure Hash Standard, issued in 
1995, specifies a secure has algorithm, designated SHA-1, for computing 
a condensed representation of a message or a data file. When a data is 
input, the SHA-1 produces a 160-bit output called a message digest. The 
message digest can then be used as input to a digital signature 
algorithm that generates or verifies the digital signature for a 
message. Other uses of a message digest include the generation of 
random numbers and keyed hash message authentication codes.
    As technology advances, the input parameters used by signature 
algorithms must be increased to provide adequate security. One of these 
inputs is the message digest. Therefore, as part of the five-year 
review of the hash standard, Draft FIPS 180-2 proposed additional has 
algorithms with outputs of 256-bit, 384-bit and 512-bits. The 
additional algorithms will produce outputs that will provide security 
comparable to that projected for the Advanced Encryption Standard.

    Authority:  NIST's activities to develop computer security 
standards to protect Federal sensitive (unclassified) systems are 
undertaken pursuant to specific responsibilities assigned to NIST in 
Section 5131 of the Information Technology Management Reform Act of 
1996 (P.L. 104-106), the Computer Security Act of 1987 (P.L. 100-
235), and Appendix III to Office of Management and Budget Circular 
A-130.

    Executive Order 12866: This notice has been determined to be non-
significant for the purposes of Executive Order 12866.

    Dated: May 21, 2001.
Karen H. Brown,
Acting Director, NIST.
[FR Doc. 01-13522 Filed 5-29-01; 8:45 am]
BILLING CODE 3510-CN-M