[Federal Register Volume 67, Number 63 (Tuesday, April 2, 2002)]
[Pages 15548-15549]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 02-7880]



National Institute of Standards and Technology

[Docket No. 000929279-1219-02]
RIN 0693-ZA41

Announcing Approval of Federal Information Processing Standard 
(FIPS) 198, The Keyed-Hash Message Authentication Code (HMAC)

AGENCY: National Institute of Standards and Technology (NIST), 

ACTION: Notice.


SUMMARY: The Secretary of Commerce approves FIPS 198, The Keyed-Hash 
Message Authentication Code (HMAC), and makes it compulsory and binding 
on Federal agencies for the protection of sensitive, unclassified 
information. FIPS 198 is an essential component of a comprehensive 
group of cryptographic techniques that government agencies need to 
protect data, communications, and operations. The Key-Hashed Message 
Authentication Code specifies a cryptographic process for protecting

[[Page 15549]]

the integrity of information and verifying the sender of the 
information. This FIPS will benefit federal agencies by providing a 
robust cryptographic algorithm that can be used to protect sensitive 
electronic data for many years.

EFFECTIVE DATE: This standard is effective August 6, 2002.

FOR FURTHER INFORMATION CONTACT: Ms. Elaine Barker, (301) 975-2911, 
National Institute of Standards and Technology, 100 Bureau Drive, STOP 
8930, Gaithersburg, MD 20899-8930.
    A copy of FIPS 198 is available electronically from the NIST 
website at: http://csrc.nist.gov/publications/drafts/dfips-HMAC.pdf.

SUPPLEMENTARY INFORMATION: A notice was published in the Federal 
Register (Volume 66, Number 4, pp.1088-9) on January 5, 2001, 
announcing the proposed FIPS for Keyed-Hash Message Authentication Code 
(HMAC) for public review and comment. The Federal Register notice 
solicited comments from the public, academic and research communities, 
manufacturers, voluntary standards organizations, and Federal, state, 
and local government organizations. In addition to being published in 
the Federal Register, the notice was posted on the NIST Web pages; 
information was provided about the submission of electronic comments. 
Comments and responses were received from four individuals and private 
sector organizations, and from one Canadian government organization. 
None of the comments opposed the adoption of the Keyed-Hash Message 
Authentication Code (HMAC) as a Federal Information Processing 
Standard. Some comments offered editorial suggestions that were 
reviewed. Changes were made to the standard where appropriate.
    Following is an analysis of the technical and related comments 
    Comment: A comment expressed concern about the security of the 
recommended FIPS. It specifies a 32-bit MAC, as compared to a 
requirement of a voluntary industry standard of the retail banking 
community for an 80-bit MAC (using the Triple Data Encryption 
Algorithm). Also a clarification was requested concerning the 
requirement in the recommended FIPS for ``periodic key changes.''
    Response: HMAC for the banking community is specified in a draft 
voluntary industry standard (ANSI X9.71), and mandates a 80-bit MAC. 
This recommended FIPS is based on that draft standard, but was written 
to allow the 32-bit MAC, which is used by the banking community and in 
other applications where there is little risk in the use of a 
relatively short MAC. NIST believes that the strengths of the 32-bit 
HMAC and the Triple DES MAC against collision type attacks mentioned in 
the comment are equivalent; collision type attacks use trial and error 
tactics to try to guess the MAC. NIST believes that the recommended 
FIPS provides adequate security, and that it will encourage a broad 
application of message authentication techniques.
    NIST believes that changing keys periodically is a good practice. 
This issue is not addressed in ANSI X9.71. Key changes are recommended 
even when very strong algorithms with large keys are used, since keys 
can be compromised in ways that do not depend on the strength of the 
algorithm. The recommended FIPS does not specify how often keys should 
be changed. This will be addressed in a guidance document on key 
management that is currently under development. Information about this 
guidance document is posted on NIST's web pages (http://www.nist.gov/kms).
    Comment: A comment suggested that a table of equivalent key sizes 
for different algorithms was needed, and that the values allowed for 
the key size and MAC length should be more restrictive.
    Response: Advice about key sizes and the equivalent sizes between 
different cryptographic algorithms is more properly addressed in FIPS 
180-1, Secure Hash Standard (currently under revision as FIPS 180-2) 
and the planned guidance document on key management. With regard to 
restrictions on the key size and MAC length, NIST believes that the 
marketplace will determine the predominating sizes.
    Comment: A comment recommended that references to and examples of 
new hash algorithms (SHA-256, SHA-384 and SHA-512) be included.
    Response: The new hash algorithms mentioned have not yet been 
approved for use. NIST believes that it is inappropriate to provide 
references to and examples of algorithms that are not yet approved 
standards. When the new hash algorithms have been approved, examples 
using these algorithms will be available on NIST's web pages. http://www.nist.gov/cryptotoolkit.
    Comment: A comment recommended that OIDs (Object Identifiers) 
should be included for HMAC using the new hash algorithms mentioned 
    Response: The need for different object identifiers keeps changing. 
In addition, the new hash algorithms have not been approved as 
standards. Therefore, NIST believes that OIDs should not be included in 
this recommended standard. A reference to a NIST web site has been 
provided in the standard to help users obtain HMAC OIDs.
    Comment: An observation was made regarding the different 
restrictions for the key size and MAC size (truncated output) for the 
recommended FIPS, for RFC 2104 and for ANSI X9.71. The comment 
mentioned incompatibilities when products are validated against these 

    Authority: Under Section 5131 of the Information Technology 
Management Reform Act of 1996 and the Computer Security Act of 1987, 
the Secretary of Commerce is authorized to approve standards and 
guidelines for the cost effective security and privacy of sensitive 
information processed by federal computer systems.

    E.O. 12866: This notice has been determined to be significant for 
the purposes of E.O. 12866.

    Dated: March 25, 2002.
Karen H. Brown,
Deputy Director.
[FR Doc. 02-7880 Filed 4-1-02; 8:45 am]