SHA-1: Federal agencies should stop using SHA-1 for generating digital signatures, generating time stamps and for other applications that require collision resistance. Federal agencies may use SHA-1 for the following applications: verifying old digital signatures and time stamps, generating and verifying hash-based message authentication codes (HMACs), key derivation functions (KDFs), and random bit/number generation. Further guidance on the use of SHA-1 is provided in SP 800-131A.
SHA-2 (i.e., SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224 and SHA-512/256): Federal agencies may use these hash functions for all applications that employ secure hash algorithms. NIST encourages application and protocol designers to implement SHA-256 at a minimum for any applications of hash functions requiring interoperability. Further guidance on the use of SHA-2 is provided in SP 800-57 Part 1, section 5.6.2 and SP 800-131A.
SHA-3 (i.e., SHA3-224, SHA3-256, SHA3-384, SHA3-512, SHAKE128 and SHAKE256): Federal agencies may use the four fixed-length SHA-3 algorithms (SHA3-224, SHA3-256, SHA3-384, and SHA3-512) for all applications that employ secure hash algorithms. The SHA-3 Extendable-Output Functions (XOFs), SHAKE128 and SHAKE256, can be specialized to hash functions, subject to additional security considerations. Guidelines for using the XOFs will be provided in the future. Currently there is no need to transition applications from SHA-2 to SHA-3.
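The following is an added example, not part of the NIST text above, showing in Python's standard library how the SHA-2 and fixed-length SHA-3 functions are called, how a SHAKE XOF is "specialized" to a fixed-length hash by fixing its output length, and one of the security considerations that specialization carries: SHAKE outputs of different lengths for the same input are prefixes of one another, whereas the fixed-length SHA-3 functions are domain separated. The message is a constructed sample.

```python
import hashlib

# Constructed sample input for the example (not from the page).
MESSAGE = b"NIST hash function policy, constructed example"


def fixed_length_digests(data: bytes) -> dict:
    """Hex digests from the SHA-2 and fixed-length SHA-3 families named in the policy."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
        "sha3_256": hashlib.sha3_256(data).hexdigest(),
        "sha3_512": hashlib.sha3_512(data).hexdigest(),
    }


def shake_as_hash(data: bytes, out_bytes: int) -> bytes:
    """Specialize the SHAKE128 XOF to a fixed-length hash by fixing the output length.
    SHAKE128 offers at most 128-bit security however long the output is made."""
    return hashlib.shake_128(data).digest(out_bytes)


def shake_outputs_are_prefix_related(data: bytes) -> bool:
    """An XOF output of n bytes is a prefix of the same XOF's output of m > n bytes.
    Two applications that specialize SHAKE128 to different lengths therefore get
    related outputs for the same input, which is one reason the policy attaches
    'additional security considerations' to using XOFs as hash functions."""
    short = shake_as_hash(data, 16)
    longer = shake_as_hash(data, 32)
    return longer[:16] == short


def sha3_outputs_are_prefix_related(data: bytes) -> bool:
    """The fixed-length SHA-3 functions use different capacities, so SHA3-224 is
    NOT a prefix of SHA3-256 for the same input. Expected: False."""
    return hashlib.sha3_256(data).digest()[:28] == hashlib.sha3_224(data).digest()


if __name__ == "__main__":
    for name, hexdigest in fixed_length_digests(MESSAGE).items():
        print(f"{name:9s} {hexdigest}")
    print("SHAKE128 outputs prefix-related:", shake_outputs_are_prefix_related(MESSAGE))
    print("SHA3-224/SHA3-256 prefix-related:", sha3_outputs_are_prefix_related(MESSAGE))
```

If two components of a system both specialize the same SHAKE function, give each its own output length only with domain separation (for example, a distinct prefix in the input), or use the fixed-length SHA-3 functions instead.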
As an expert in cybersecurity and cryptographic protocols, my background encompasses a deep understanding of hashing algorithms and their implications in digital security. I've extensively worked on the practical implementation of various cryptographic standards and have a profound grasp of their applications in securing data and communications.
The article, dated August 5, 2015, addresses the use of Secure Hash Algorithm 1 (SHA-1), the SHA-2 family (SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, and SHA-512/256), and the Secure Hash Algorithm 3 (SHA-3) variants, and sets out the guidelines for federal agencies on their use in cryptographic operations.
Let's break down the concepts mentioned in the article:
SHA-1:
Federal agencies were advised to discontinue using SHA-1 for generating digital signatures, time stamps, or any applications requiring collision resistance due to its vulnerabilities. However, it could still be used for specific purposes such as verifying old digital signatures, generating/verifying HMACs, KDFs, and random bit/number generation.
SHA-2:
Federal agencies were permitted to employ SHA-2 hash functions (SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, and SHA-512/256) for all applications needing secure hash algorithms. SHA-256 was encouraged as the minimum for applications of hash functions requiring interoperability. Additional guidance was provided in SP 800-57 Part 1, section 5.6.2, and SP 800-131A.
SHA-3:
Federal agencies were allowed to use fixed-length SHA-3 algorithms (SHA3-224, SHA3-256, SHA3-384, and SHA3-512) for applications requiring secure hash algorithms. SHA-3 Extendable-Output Functions (XOFs) like SHAKE128 and SHAKE256 could potentially be specialized as hash functions, pending further security considerations. Detailed guidelines for XOF usage were planned for future release.
Transition from SHA-2 to SHA-3:
As of the provided article's date, there was no immediate necessity for transitioning applications from SHA-2 to SHA-3. Federal agencies were advised to use SHA-2 as per guidelines and monitor future updates for potential transitions based on security considerations.
Understanding these cryptographic algorithms is crucial in maintaining secure digital communication and data integrity, especially for government agencies dealing with sensitive information. The guidance provided in the mentioned documents aids in establishing standardized practices to mitigate vulnerabilities and enhance cybersecurity measures.
In 2011, NIST released SP 800-131A, which announced the deprecation of SHA-1 when generating new digital signatures and restricted further use of SHA-1 to only where allowed in NIST protocol-specific guidance.
NIST does not include MD5 in their list of recommended hashes for password storage. MD5 is also used in the field of electronic discovery, to provide a unique identifier for each document that is exchanged during the legal discovery process.
To protect passwords, experts suggest using a strong and slow hashing algorithm like Argon2 or Bcrypt, combined with salt (or even better, with salt and pepper). (Basically, avoid faster algorithms for this usage.) To verify file signatures and certificates, SHA-256 is among your best hashing algorithm choices.
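Added example (not from the page): the salt-and-pepper structure described above, in Python. Argon2 and bcrypt need third-party packages, so this stands in the standard library's PBKDF2-HMAC-SHA256 as the slow, iterated KDF; the per-user salt is random and stored in the record, the site-wide pepper is mixed in by keying an HMAC over the password and is never stored next to the hashes. The pepper value and iteration count are constructed for the example. A fast unsalted digest is included only as the contrast the text warns against.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed values for the example. A real pepper lives outside the database
# (e.g. in a secrets manager or HSM), never beside the hashes it protects.
PEPPER = b"example-pepper-kept-outside-the-db"
ITERATIONS = 200_000   # tune so one hash costs tens of milliseconds on your hardware


def hash_password(password: str, pepper: bytes = PEPPER,
                  salt: Optional[bytes] = None, iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: algorithm$iterations$salt_hex$hash_hex.

    The salt is random per user, so identical passwords hash differently and
    precomputed tables are useless; the pepper is a secret that is NOT stored here.
    """
    if salt is None:
        salt = os.urandom(16)
    # Mix the pepper in by keying an HMAC over the password before the slow KDF.
    peppered = hmac.new(pepper, password.encode("utf-8"), hashlib.sha256).digest()
    dk = hashlib.pbkdf2_hmac("sha256", peppered, salt, iterations, dklen=32)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(record: str, password: str, pepper: bytes = PEPPER) -> bool:
    """Recompute the hash from the stored record and compare in constant time."""
    parts = record.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2_sha256":
        return False
    _, iters, salt_hex, _ = parts
    expected = hash_password(password, pepper, bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(expected, record)


def fast_unsalted_hash(password: str) -> str:
    """What the text warns against: a fast, unsalted digest. Identical passwords
    collide across users and candidates can be tried at full SHA-256 speed."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


if __name__ == "__main__":
    rec = hash_password("correct horse battery staple")
    print(rec)
    print("good password:", verify_password(rec, "correct horse battery staple"))
    print("bad password: ", verify_password(rec, "Tr0ub4dor&3"))
```

Storing the algorithm name and iteration count in the record lets you raise the work factor later and re-hash users on their next successful login without a flag day.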
A good hashing algorithm should have the following two properties:
Deterministic: For a given input, the output of the hash function should always be the same.
Collision resistant: It should be computationally infeasible to find two different inputs that produce the same hash output, known as a collision.
Hash tables offer efficient data storage and retrieval, but they come with some drawbacks. These include collision resolution, variable performance, space overhead, lack of ordered data, and dependency on a quality hash function. They are not ideal for range queries, and resizing can introduce overhead.
Approved hash algorithms for generating a condensed representation of a message (message digest) are specified in two Federal Information Processing Standards: FIPS 180-4, Secure Hash Standard and FIPS 202, SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions.
Types of security of hash functions. Generally, the basic security of cryptographic hash functions can be seen from different angles: pre-image resistance, second pre-image resistance, collision resistance, and pseudo-randomness.
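Added example (not from the page) illustrating the properties listed above and the two properties named earlier (deterministic, collision resistant). To make the searches finish in seconds it deliberately truncates SHA-256 to a handful of bits; the point is the cost curve, not the toy result. A pre-image or second pre-image search costs about 2^bits trials, a birthday collision search about 2^(bits/2), and pseudo-randomness shows up as an avalanche effect where flipping one input bit changes roughly half the output bits. At the real 256-bit output length those costs are what makes the attacks infeasible. The candidate messages are constructed.

```python
import hashlib
from typing import Optional, Tuple


def truncated_hash(message: bytes, bits: int = 256) -> int:
    """First `bits` bits of SHA-256(message) as an integer (bits=256 is the real hash)."""
    digest = hashlib.sha256(message).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)


def is_deterministic(message: bytes, bits: int = 256) -> bool:
    """Deterministic: same input gives the same output on every call."""
    return truncated_hash(message, bits) == truncated_hash(message, bits)


def candidate(i: int) -> bytes:
    """Constructed candidate messages: candidate-0, candidate-1, ..."""
    return b"candidate-%d" % i


def find_preimage(target: int, bits: int, max_tries: int) -> Optional[Tuple[bytes, int]]:
    """Pre-image search: find any m with H(m) == target. Expected cost ~2^bits trials."""
    for i in range(max_tries):
        m = candidate(i)
        if truncated_hash(m, bits) == target:
            return m, i + 1
    return None


def find_second_preimage(original: bytes, bits: int, max_tries: int) -> Optional[Tuple[bytes, int]]:
    """Second pre-image search: find m2 != original with H(m2) == H(original)."""
    target = truncated_hash(original, bits)
    for i in range(max_tries):
        m = candidate(i)
        if m != original and truncated_hash(m, bits) == target:
            return m, i + 1
    return None


def find_collision(bits: int, max_tries: int) -> Optional[Tuple[bytes, bytes, int]]:
    """Birthday search: any two distinct inputs with equal hashes. Expected ~2^(bits/2)."""
    seen = {}
    for i in range(max_tries):
        m = candidate(i)
        h = truncated_hash(m, bits)
        if h in seen:
            return seen[h], m, i + 1
        seen[h] = m
    return None


def avalanche_fraction(message: bytes) -> float:
    """Pseudo-randomness check: flip one input bit and report the fraction of the
    256 output bits that change. For a good hash this is close to 0.5."""
    flipped = bytes([message[0] ^ 0x01]) + message[1:]
    diff = truncated_hash(message) ^ truncated_hash(flipped)
    return bin(diff).count("1") / 256


if __name__ == "__main__":
    print("deterministic:", is_deterministic(b"abc"))
    print("collision (16-bit):", find_collision(16, (1 << 16) + 1))
    print("preimage (12-bit):", find_preimage(truncated_hash(b"target", 12), 12, 1 << 16))
    print("avalanche fraction:", avalanche_fraction(b"The quick brown fox"))
```

Try raising `bits` by two at a time and watch the pre-image search roughly quadruple in cost while the collision search only doubles; that asymmetry is why collision resistance is the property SHA-1 lost first and why digital signatures, which need it, are the first use the policy forbids.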
After 12/31/2030, any FIPS 140 validated cryptographic module that has SHA-1 as an approved algorithm will be moved to the historical list. NIST recommends that federal agencies transition away from SHA-1 for all applications as soon as possible. Federal agencies should use SHA-2 or SHA-3 as an alternative to SHA-1.
The main threat to SHA-1 is the fact that today's powerful computers can create two messages that lead to the same hash, potentially compromising an authentic message – the technique is referred to as a 'collision' attack.
SHA256 has several advantages over MD5 and SHA-1, such as producing a longer hash (256 bits) that is more resistant to collisions and brute-force attacks. Additionally, there are no known vulnerabilities or weaknesses with SHA256, unlike MD5 and SHA-1 which have been exploited by hackers and researchers.
SHA-1, SHA-256 and SHA-512 are all FIPS Approved secure hash algorithms, and the HMAC functions based on them are thus FIPS Approved HMAC functions. Use a compliant implementation; the official term is "validated".
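Added example (not from the page) of HMAC built on the approved hashes, using Python's standard `hmac` module. It shows why the policy can keep SHA-1 for HMAC while forbidding it for signatures: HMAC's security rests on the secret key and the hash's pseudo-random behaviour, not on collision resistance, so a tag cannot be forged or a message altered without the key. The key and message are constructed; the comparison uses `hmac.compare_digest` so verification time does not leak how many tag bytes matched.

```python
import hashlib
import hmac

# Constructed key and message for the example (not from the page).
KEY = b"constructed-32-byte-key-for-hmac-demo!!"
MESSAGE = b'{"amount": 100, "to": "alice"}'


def tag(message: bytes, key: bytes = KEY, hash_name: str = "sha256") -> bytes:
    """HMAC over the message using one of the FIPS-approved hashes (sha1, sha256, sha512)."""
    return hmac.new(key, message, hash_name).digest()


def verify(message: bytes, received_tag: bytes, key: bytes = KEY,
           hash_name: str = "sha256") -> bool:
    """Recompute the tag and compare in constant time; a plain == would be a timing side channel."""
    return hmac.compare_digest(tag(message, key, hash_name), received_tag)


def unkeyed_digest_is_recomputable(message: bytes) -> bool:
    """Contrast: a bare SHA-256 digest offers no authenticity, because anyone who
    changes the message can recompute a matching digest without any secret."""
    altered = message.replace(b"alice", b"mallory")
    return hashlib.sha256(altered).hexdigest() == hashlib.sha256(altered).hexdigest()


if __name__ == "__main__":
    t = tag(MESSAGE)
    print("tag:", t.hex())
    print("genuine message verifies:", verify(MESSAGE, t))
    print("altered message verifies:", verify(MESSAGE.replace(b"alice", b"mallory"), t))
    print("HMAC-SHA1 tag length:", len(tag(MESSAGE, hash_name="sha1")))
```

When the key may be in use for a long time, prefer HMAC-SHA256 or HMAC-SHA512 anyway so that a later migration away from SHA-1 does not force a key rollover.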
In software implementations, performance is on par with SHA2-256 and SHA2-512. However, in hardware implementations, SHA-3 is notably faster than all other finalists, and also faster than SHA-2 and SHA-1.
Introduction: My name is Francesca Jacobs Ret, I am an innocent, super, beautiful, charming, lucky, gentle, clever person who loves writing and wants to share my knowledge and understanding with you.