[Federal Register Volume 59, Number 131 (Monday, July 11, 1994)]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 94-16666]



[Docket No. 940675-4175]
RIN 0693-AB33


Proposed Revision of Federal Information Processing Standard 
(FIPS) 180, Secure Hash Standard

AGENCY: National Institute of Standards and Technology (NIST), 

ACTION: Notice; Request for comments.


SUMMARY: A revision of Federal Information Processing Standard (FIPS) 
180, Secure Hash Standard (SHS), is being proposed. This proposed 
revision corrects a technical flaw that made the standard less secure 
than had been thought. The algorithm is still reliable as a security 
mechanism, but the correction returns the SHS to the original level of 
    The SHS produces a 160-bit output called a message digest for a 
message of any size. This message digest can be used with FIPS 186, 
Digital Signature Standard (DSS), to compute a signature for the 
message. The same message digest should be obtained by the verifier of 
the signature when the received version of the message is used as input 
to the Secure Hash Algorithm (SHA). Any change to the message in 
transit should produce a different message digest, indicating to the 
verifier that a change has been made to the message.
    The purpose of this notice is to solicit views from the public, 
manufacturers, and Federal, state, and local government users prior to 
submission of this proposed revision to the Secretary of Commerce for 
review and approval.
    The proposed revision contains two sections: (1) An announcement, 
which provides information concerning the applicability, 
implementation, and maintenance of the standard; and (2) specifications 
which deal with the technical aspects of the standard. Only the 
announcement section of the standard is provided in this notice. 
Interested parties may obtain copies of the specifications section from 
the Standards Processing Coordinator (ADP), National Institute of 
Standards and Technology, Technology Building, Room B-64, Gaithersburg, 
MD 20899, telephone (301) 975-2816.

DATES: Comments on this proposed revision must be received on or before 
October 11, 1994.

ADDRESSES: Written comments concerning the proposed revision should be 
sent to: Director, Computer Systems Laboratory, ATTN: Proposed Revision 
of FIPS 180, SHS, Technology Building, Room B-154, National Institute 
of Standards and Technology, Gaithersburg, MD 20899.
    Written comments received in response to this notice will be made 
part of the public record and will be made available for inspection and 
copying in the Central Reference and Records Inspection Facility, Room 
6020, Herbert C. Hoover Building, 14th Street between Pennsylvania and 
Constitution Avenues, NW., Washington, DC 20230.

Mr. Miles Smid, National Institute of Standards and Technology, 
Gaithersburg, MD 20899, telephone (301) 975-2938.

SUPPLEMENTARY INFORMATION: NIST has been notified that Department of 
Defense authorities have approved the use of the SHS with the DSS to 
sign unclassified data processed by ``Warner Amendment'' systems (10 
U.S.C. 2315 and 44 U.S.C. 3502(2)) as well as classified data in 
selected applications.

    Dated: July 5, 1994.
Samuel Kramer,
Associate Director.

Proposed Federal Information Processing Standards Publication 180-1

1994 May 31

Announcing the Secure Hash Standard

    Federal Information Processing Standards Publications (FIPS PUBS) 
are issued by the National Institute of Standards and Technology (NIST) 
after approval by the Secretary of Commerce pursuant to Section 111(d) 
of the Federal Property and Administrative Services Act of 1949 as 
amended by the Computer Security Act of 1987, Public Law 100-235.
    Name of Standard: Secure Hash Standard.
    Category of Standard: Computer Security.
    Explanation: This Standard specifies a secure hash algorithm, SHA-1, 
for computing a condensed representation of a message or a data 
file. When a message of any length < 2^64 bits is input, the SHA-1 
produces a 160-bit output called a message digest. The message digest 
can then be input to the Digital Signature Algorithm (DSA) which 
generates or verifies the signature for the message (see Figure 1). 
Signing the message digest rather than the message often improves the 
efficiency of the process because the message digest is usually much 
smaller in size than the message. The same hash algorithm must be used 
by the verifier of a digital signature as was used by the creator of 
the digital signature.
    The SHA-1 is called secure because it is computationally infeasible 
to find a message which corresponds to a given message digest, or to 
find two different messages which produce the same message digest. Any 
change to a message in transit will, with very high probability, result 
in a different message digest, and the signature will fail to verify. 
SHA-1 is a technical revision of SHA (FIPS 180). A circular left shift 
operation has been added to the specifications in section 7, line b, 
page 9 of FIPS 180 and its equivalent in section 8, line c, page 10 of 
FIPS 180.* This revision improves the security provided by this 
standard. The SHA-1 is based on principles similar to those used by 
Professor Ronald L. Rivest of MIT when designing the MD4 message:


In Section 7 of [1] (page 9), the line which reads
    (b) For t = 16 to 79 let W_t = W_{t-3} XOR W_{t-8} XOR W_{t-14} XOR W_{t-16}.
is to be replaced by
    (b) For t = 16 to 79 let W_t = S^1(W_{t-3} XOR W_{t-8} XOR W_{t-14} XOR W_{t-16}).
where S^1 is a left circular shift by one bit as defined in Section 
3 of [1] (page 6), namely S^1(X) = (X << 1) OR (X >> 31).


    Applications: The SHA-1 may be used with the DSA in electronic 
mail, electronic funds transfer, software distribution, data storage, 
and other applications which require data integrity assurance and data 
origin authentication. The SHA-1 may also be used whenever it is 
necessary to generate a condensed version of a message.
    Implementations: The SHA-1 may be implemented in software, 
firmware, hardware, or any combination thereof. Only implementations of 
the SHA-1 that are validated by NIST will be considered as complying 
with this standard. Information about the requirements for validating 
implementations of this standard can be obtained from the National 
Institute of Standards and Technology, Computer Systems Laboratory, 
Attn: SHS Validation, Gaithersburg, MD 20899.
    Export Control: Implementations of this standard are subject to 
Federal Government export controls as specified in Title 15, Code of 
Federal Regulations, Parts 768 through 799. Exporters are advised to 
contact the Department of Commerce, Bureau of Export Administration for 
more information.
    Patents: Implementations of the SHA-1 in this standard may be 
covered by U.S. and foreign patents.
    Implementation Schedule: This standard becomes effective (insert 90 
days after approval by the Secretary of Commerce).
    Specifications: Federal Information Processing Standards (FIPS 180-1) 
Secure Hash Standard (affixed).
    Cross Index:
    a. FIPS PUB 46-1, Data Encryption Standard.
    b. FIPS PUB 73, Guidelines for Security of Computer Applications.
    c. FIPS PUB 140-1, Security Requirements for Cryptographic Modules.
    d. FIPS PUB 186, Digital Signature Standard.
    e. Federal Information Resources Management Regulations (FIRMR) 
subpart 201.20.303, Standards, and subpart 201.39.1002, Federal 
    Objectives: The objectives of this standard are to:
    a. Specify the secure hash algorithm required for use with the 
Digital Signature Standard (FIPS 186) in the generation and 
verification of digital signatures;
    b. Specify the secure hash algorithm to be used whenever a secure 
hash algorithm is required for Federal applications; and
    c. Encourage the adoption and use of the specified secure hash 
algorithm by private and commercial organizations.
    Qualifications: While it is the intent of this standard to specify 
a secure hash algorithm, conformance to this standard does not assure 
that a particular implementation is secure. The responsible authority 
in each agency or department shall assure that an overall 
implementation provides an acceptable level of security. This standard 
will be reviewed every five years in order to assess its adequacy.
    Waiver Procedure: Under certain exceptional circumstances, the 
heads of Federal departments and agencies may approve waivers to 
Federal Information Processing Standards (FIPS). The head of such 
agency may redelegate such authority only to a senior official 
designated pursuant to section 3506(b) of Title 44, United States Code. 
Waivers shall be granted only when:
    a. Compliance with a standard would adversely affect the 
accomplishment of the mission of an operator of a Federal computer 
system; or
    b. Compliance with a standard would cause a major adverse financial 
impact on the operator which is not offset by Government-wide savings.
    Agency heads may act upon a written waiver request containing the 
information detailed above. Agency heads may also act without a written 
waiver request when they determine that conditions for meeting the 
standard cannot be met. Agency heads may approve waivers only by a 
written decision which explains the basis on which the agency head made 
the required finding(s). A copy of each decision, with procurement 
sensitive or classified portions clearly identified, shall be sent to: 
National Institute of Standards and Technology; ATTN: FIPS Waiver 
Decisions, Technology Building, Room B-154, Gaithersburg, MD 20899.
    In addition, notice of each waiver granted and each delegation of 
authority to approve waivers shall be sent promptly to the Committee on 
Government Operations of the House of Representatives and the Committee 
on Government Affairs of the Senate and shall be published promptly in 
the Federal Register.
    When the determination on a waiver applies to the procurement of 
equipment and/or services, a notice of the waiver determination must be 
published in the Commerce Business Daily as part of the notice of 
solicitation for offers of an acquisition or, if the waiver 
determination is made after that notice is published, by amendment to 
such notice.
    A copy of the waiver, any supporting documents, the document 
approving the waiver and any accompanying documents, with such 
deletions as the agency is authorized and decides to make under 5 
United States Code Section 552(b), shall be part of the procurement 
documentation and retained by the agency.
    Where to Obtain Copies of the Standard: Copies of this publication 
are for sale by the National Technical Information Service, U.S. 
Department of Commerce, Springfield, VA 22161. When ordering, refer to 
Federal Information Processing Standards Publication 180-1 (FIPS PUB 
180-1), and identify the title. When microfiche is desired, this should 
be specified. Prices are published by NTIS in current catalogs and 
other issuances. Payment may be made by check, money order, deposit 
account or charged to a credit card accepted by NTIS.

[FR Doc. 94-16666 Filed 7-8-94; 8:45 am]