94-16666. Proposed Revision of Federal Information Processing Standard (FIPS) 180, Secure Hash Standard  

  • [Federal Register Volume 59, Number 131 (Monday, July 11, 1994)]
    From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
    [FR Doc No: 94-16666]
    
    
    
    
    -----------------------------------------------------------------------
    
    DEPARTMENT OF COMMERCE
    [Docket No. 940675-4175]
    RIN 0693-AB33
    
     
    
    Proposed Revision of Federal Information Processing Standard 
    (FIPS) 180, Secure Hash Standard
    
    AGENCY: National Institute of Standards and Technology (NIST), 
    Commerce.
    
    ACTION: Notice; Request for comments.
    
    -----------------------------------------------------------------------
    
    SUMMARY: A revision of Federal Information Processing Standard (FIPS) 
    180, Secure Hash Standard (SHS), is being proposed. This proposed 
    revision corrects a technical flaw that made the standard less secure 
    than had been thought. The algorithm is still reliable as a security 
    mechanism, but the correction returns the SHS to the original level of 
    security.
        The SHS produces a 160-bit output called a message digest for a 
    message of any size. This message digest can be used with FIPS 186, 
    Digital Signature Standard (DSS), to compute a signature for the 
    message. The same message digest should be obtained by the verifier of 
    the signature when the received version of the message is used as input 
    to the Secure Hash Algorithm (SHA). Any change to the message in 
    transit should produce a different message digest, indicating to the 
    verifier that a change has been made to the message.
        The purpose of this notice is to solicit views from the public, 
    manufacturers, and Federal, state, and local government users prior to 
    submission of this proposed revision to the Secretary of Commerce for 
    review and approval.
        The proposed revision contains two sections: (1) An announcement, 
    which provides information concerning the applicability, 
    implementation, and maintenance of the standard; and (2) specifications 
    which deal with the technical aspects of the standard. Only the 
    announcement section of the standard is provided in this notice. 
    Interested parties may obtain copies of the specifications section from 
    the Standards Processing Coordinator (ADP), National Institute of 
    Standards and Technology, Technology Building, Room B-64, Gaithersburg, 
    MD 20899, telephone (301) 975-2816.
    
    DATES: Comments on this proposed revision must be received on or before 
    October 11, 1994.
    
    ADDRESSES: Written comments concerning the proposed revision should be 
    sent to: Director, Computer Systems Laboratory, ATTN: Proposed Revision 
    of FIPS 180, SHS, Technology Building, Room B-154, National Institute 
    of Standards and Technology, Gaithersburg, MD 20899.
        Written comments received in response to this notice will be made 
    part of the public record and will be made available for inspection and 
    copying in the Central Reference and Records Inspection Facility, Room 
    6020, Herbert C. Hoover Building, 14th Street between Pennsylvania and 
    Constitution Avenues, NW., Washington, DC 20230.
    
    FOR FURTHER INFORMATION CONTACT:
    Mr. Miles Smid, National Institute of Standards and Technology, 
    Gaithersburg, MD 20899, telephone (301) 975-2938.
    
    SUPPLEMENTARY INFORMATION: NIST has been notified that Department of 
    Defense authorities have approved the use of the SHS with the DSS to 
    sign unclassified data processed by ``Warner Amendment'' systems (10 
    U.S.C. 2315 and 44 U.S.C. 3502(2)) as well as classified data in 
    selected applications.
    
        Dated: July 5, 1994.
    Samuel Kramer,
    Associate Director.
    
    Proposed Federal Information Processing Standards Publication 180-1
    
    1994 May 31
    
    Announcing the Secure Hash Standard
    
        Federal Information Processing Standards Publications (FIPS PUBS) 
    are issued by the National Institute of Standards and Technology (NIST) 
    after approval by the Secretary of Commerce pursuant to Section 111(d) 
    of the Federal Property and Administrative Services Act of 1949 as 
    amended by the Computer Security Act of 1987, Public Law 100-235.
        Name of Standard: Secure Hash Standard.
        Category of Standard: Computer Security.
        Explanation: This Standard specifies a secure hash algorithm, 
    SHA-1, for computing a condensed representation of a message or a data 
    file. When a message of any length < 2^64 bits is input, the SHA-1 
    produces a 160-bit output called a message digest. The message digest 
    can then be input to the Digital Signature Algorithm (DSA) which 
    generates or verifies the signature for the message (see Figure 1). 
    Signing the message digest rather than the message often improves the 
    efficiency of the process because the message digest is usually much 
    smaller in size than the message. The same hash algorithm must be used 
    by the verifier of a digital signature as was used by the creator of 
    the digital signature.
        The SHA-1 is called secure because it is computationally infeasible 
    to find a message which corresponds to a given message digest, or to 
    find two different messages which produce the same message digest. Any 
    change to a message in transit will, with very high probability, result 
    in a different message digest, and the signature will fail to verify. 
    SHA-1 is a technical revision of SHA (FIPS 180). A circular left shift 
    operation has been added to the specifications in section 7, line b, 
    page 9 of FIPS 180 and its equivalent in section 8, line c, page 10 of 
    FIPS 180.* This revision improves the security provided by this 
    standard. The SHA-1 is based on principles similar to those used by 
    Professor Ronald L. Rivest of MIT when designing the MD4 message:
    
    *Modification
    
    In Section 7 of [1] (page 9), the line which reads
        (b) For t=16 to 79 let W_t = W_{t-3} XOR W_{t-8} XOR W_{t-14} XOR W_{t-16}.
    is to be replaced by
        (b) For t=16 to 79 let W_t = S^1(W_{t-3} XOR W_{t-8} XOR W_{t-14} XOR W_{t-16}).
    where S^1 is a left circular shift by one bit as defined in Section 
    3 of [1] (page 6), namely S^1(X) = (X << 1) OR (X >> 31).
    
        Applications: The SHA-1 may be used with the DSA in electronic 
    mail, electronic funds transfer, software distribution, data storage, 
    and other applications which require data integrity assurance and data 
    origin authentication. The SHA-1 may also be used whenever it is 
    necessary to generate a condensed version of a message.
        Implementations: The SHA-1 may be implemented in software, 
    firmware, hardware, or any combination thereof. Only implementations of 
    the SHA-1 that are validated by NIST will be considered as complying 
    with this standard. Information about the requirements for validating 
    implementations of this standard can be obtained from the National 
    Institute of Standards and Technology, Computer Systems Laboratory, 
    Attn: SHS Validation, Gaithersburg, MD 20899.
        Export Control: Implementations of this standard are subject to 
    Federal Government export controls as specified in Title 15, Code of 
    Federal Regulations, Parts 768 through 799. Exporters are advised to 
    contact the Department of Commerce, Bureau of Export Administration for 
    more information.
        Patents: Implementations of the SHA-1 in this standard may be 
    covered by U.S. and foreign patents.
        Implementation Schedule: This standard becomes effective (insert 90 
    days after approval by the Secretary of Commerce).
        Specifications: Federal Information Processing Standards (FIPS 180-
    1) Secure Hash Standard (affixed).
        Cross Index:
        a. FIPS PUB 46-1, Data Encryption Standard.
        b. FIPS PUB 73, Guidelines for Security of Computer Applications.
        c. FIPS PUB 140-1, Security Requirements for Cryptographic Modules.
        d. FIPS PUB 186, Digital Signature Standard.
        e. Federal Information Resources Management Regulations (FIRMR) 
    subpart 201.20.303, Standards, and subpart 201.39.1002, Federal 
    Standards.
        Objectives: The objectives of this standard are to:
        a. Specify the secure hash algorithm required for use with the 
    Digital Signature Standard (FIPS 186) in the generation and 
    verification of digital signatures;
        b. Specify the secure hash algorithm to be used whenever a secure 
    hash algorithm is required for Federal applications; and
        c. Encourage the adoption and use of the specified secure hash 
    algorithm by private and commercial organizations.
        Qualifications: While it is the intent of this standard to specify 
    a secure hash algorithm, conformance to this standard does not assure 
    that a particular implementation is secure. The responsible authority 
    in each agency or department shall assure that an overall 
    implementation provides an acceptable level of security. This standard 
    will be reviewed every five years in order to assess its adequacy.
        Waiver Procedure: Under certain exceptional circumstances, the 
    heads of Federal departments and agencies may approve waivers to 
    Federal Information Processing Standards (FIPS). The head of such 
    agency may redelegate such authority only to a senior official 
    designated pursuant to section 3506(b) of Title 44, United States Code. 
    Waiver shall be granted only when:
        a. Compliance with a standard would adversely affect the 
    accomplishment of the mission of an operator of a Federal computer 
    system; or
        b. Compliance with a standard would cause a major adverse financial 
    impact on the operator which is not offset by Government-wide savings.
        Agency heads may act upon a written waiver request containing the 
    information detailed above. Agency heads may also act without a written 
    waiver request when they determine that conditions for meeting the 
    standard cannot be met. Agency heads may approve waivers only by a 
    written decision which explains the basis on which the agency head made 
    the required finding(s). A copy of each decision, with procurement 
    sensitive or classified portions clearly identified, shall be sent to: 
    National Institute of Standards and Technology; ATTN: FIPS Waiver 
    Decisions, Technology Building, Room B-154, Gaithersburg, MD 20899.
        In addition, notice of each waiver granted and each delegation of 
    authority to approve waivers shall be sent promptly to the Committee on 
    Government Operations of the House of Representatives and the Committee 
    on Government Affairs of the Senate and shall be published promptly in 
    the Federal Register.
        When the determination on a waiver applies to the procurement of 
    equipment and/or services, a notice of the waiver determination must be 
    published in the Commerce Business Daily as part of the notice of 
    solicitation for offers of an acquisition or, if the waiver 
    determination is made after that notice is published, by amendment to 
    such notice.
        A copy of the waiver, any supporting documents, the document 
    approving the waiver and any accompanying documents, with such 
    deletions as the agency is authorized and decides to make under 5 
    United States Code Section 552(b), shall be part of the procurement 
    documentation and retained by the agency.
        Where to Obtain Copies of the Standard: Copies of this publication 
    are for sale by the National Technical Information Service, U.S. 
    Department of Commerce, Springfield, VA 22161. When ordering, refer to 
    Federal Information Processing Standards Publication 180-1 (FIPS PUB 
    180-1), and identify the title. When microfiche is desired, this should 
    be specified. Prices are published by NTIS in current catalogs and 
    other issuances. Payment may be made by check, money order, deposit 
    account or charged to a credit card accepted by NTIS.
    
    [FR Doc. 94-16666 Filed 7-8-94; 8:45 am]