NIST is in the process of a periodic review and maintenance of its cryptography standards and guidelines.
This announcement initiates the review of Federal Information Processing Standard (FIPS) 180-4, Secure Hash Standard (SHS), 2015.
NIST requests public comments on all aspects of FIPS 180-4. Additionally, NIST would appreciate feedback on the following two areas of particular concern:
- SHA-1. In recent years, the cryptanalytic attacks on the SHA-1 hash function have become increasingly severe and practical (see, e.g., the 2020 paper "SHA-1 is a Shambles" by Leurent and Peyrin). NIST, therefore, plans to remove SHA-1 from a revision of FIPS 180-4 and to deprecate and eventually disallow all uses of SHA-1. The Cryptographic Module Validation Program will establish a validation transition schedule.
* How will this plan impact fielded and planned SHA-1 implementations?
* What should NIST consider in establishing the timeline for disallowing SHA-1?
- Interface. The "Init, Update, Final" interface was part of the SHA-3 Competition submission requirements. Should a revision of FIPS 180-4 discuss the “Init, Update, Final” hash function interface?
The public comment period is open through September 9, 2022. Comments may address the concerns raised in this announcement or other issues around security, implementation, clarity, risk, or relevance to current applications.
Send comments to [email protected] with “Comments on FIPS 180-4” in the Subject.
For more information about the review process, visit the Crypto Publication Review Project page.