News Release

NIST wants comments on proposed 'hash' competition

National Institute of Standards and Technology (NIST)

The National Institute of Standards and Technology (NIST) is planning a competition to develop one or more cryptographic "hash" algorithms to augment and revise the current Secure Hash Standard (Federal Information Processing Standard 180-2). As a first step in this process, NIST is looking for comments on its recently published draft minimum acceptability requirements, submission requirements and evaluation criteria for candidate algorithms.

Hashing algorithms are mathematical procedures that take data, usually a message, and chop and combine it down into a much shorter number that is a "fingerprint" of the original data. Good hash algorithms have two features—two different inputs are overwhelmingly likely to generate two different fingerprints, and given a specific fingerprint, there is no practical way of calculating a set of input data that will have the same fingerprint. Hash algorithms are used widely by the federal government and others in various applications, such as digital signatures and message authentication. FIPS 180-2 specifies five cryptographic hash algorithms—SHA-1, SHA-224, SHA-256, SHA-384 and SHA-512. Because serious attacks have been reported in recent years against cryptographic hash algorithms, including SHA-1, NIST is preparing the groundwork for a more secure hash standard.

###

For more information on the proposed competition, including a copy of the Federal Register announcement issued Jan. 23, 2007, and to submit comments on the draft hash algorithm requirements and evaluation criteria, see www.nist.gov/hash-function. Since the submission requirements and the evaluation criteria may change as a result of the comments that NIST receives, candidate algorithms should not be submitted until the competition is announced later this year.

