[Federal Register Volume 72, Number 112 (Tuesday, June 12, 2007)]
[Notices]
[Pages 32281-32282]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: E7-11309]


-----------------------------------------------------------------------

DEPARTMENT OF COMMERCE

National Institute of Standards and Technology

[Docket No.: 070413089-7091-01]


Announcing Draft Federal Information Processing Standard (FIPS) 
Publication 198-1, the Keyed-Hash Message Authentication Code, and 
Request for Comments

AGENCY: National Institute of Standards and Technology, Commerce.

ACTION: Notice and request for comments.

-----------------------------------------------------------------------

SUMMARY: This notice announces the Draft Federal Information Processing 
Standard (FIPS) 198-1, the Keyed-Hash Message Authentication Code 
(HMAC), for public review and comment. The draft standard, designated 
``Draft FIPS 198-1,'' is proposed to supersede FIPS 198, the Keyed-Hash 
Message Authentication Code, issued March 2002. FIPS 198-1 specifies a 
keyed-hash message authentication code (HMAC), a mechanism for message 
authentication using cryptographic hash functions and shared secret 
keys. The proposed standard is available at http://csrc.nist.gov/publications/drafts.html.
    Prior to the submission of this proposed standard to the Secretary 
of Commerce for review and approval, it is essential that consideration 
be given to the needs and views of the public, users, the information 
technology industry, and Federal, State, and local government 
organizations. The purpose of this notice is to solicit such views.

DATES: Comments must be received by September 10, 2007.

ADDRESSES: Written comments may be sent to: Chief, Computer Security 
Division, Information Technology Laboratory, Attention: Comments on 
Draft FIPS 198-1, 100 Bureau Drive--Stop 8930, National Institute of 
Standards and Technology, Gaithersburg, MD 20899-8930. Electronic 
comments may be sent to [email protected]. with a subject line of 
Keyed-Hash Message Authentication Code. The current FIPS 198 and its 
proposed replacement, Draft FIPS 198-1, are available electronically at 
http://csrc.nist.gov/publications/index.html.
    Comments received in response to this notice will be published 
electronically at http://csrc.nist.gov/CryptoToolkit/tkhash.html.

FOR FURTHER INFORMATION CONTACT: For general information, contact: 
Elaine Barker, National Institute of Standards and Technology, Stop 
8930,

[[Page 32282]]

Gaithersburg, MD 20899-8930, telephone: 301-975-2911 or via fax at 301-
975-8670, e-mail: [email protected]. or Quynh Dang, telephone: 
301-975-3610, e-mail: [email protected].

SUPPLEMENTARY INFORMATION: The changes between FIPS 198 and FIPS 198-1 
are minor and are motivated by a desire to put informative information 
that may change in a separate, less formal publication that can be 
readily updated as necessary. FIPS 198 contained statements about the 
security provided by the HMAC algorithm and specified a truncation 
technique for the HMAC output. Since the security provided by the HMAC 
algorithm and its applications might be altered by future 
cryptanalysis, the security statements were not included in FIPS 198-1. 
The security of HMAC will be addressed in NIST Special Publications 
(SP) 800-57, Recommendation for Key Management, and 800-107, 
Recommendation for Using Approved Hash Algorithms. Draft FIPS 198-1 
also does not include the truncation technique; the truncation 
technique of HMAC will be specified in the NIST Special Publication 
800-107. Draft NIST Special Publications and NIST Special Publications 
are available at http://csrc.nist.gov/publications/index.html. Examples 
of the implementation of the HMAC algorithm can be found at http://www.nist.gov/CryptoToolkitExamples. NIST will continue to review these 
examples and to update them as needed.

    Authority: NIST activities to develop computer security 
standards to protect Federal sensitive (unclassified) systems are 
undertaken pursuant to specific responsibilities assigned to NIST to 
section 20 of the National Institute of Standards and Technology Act 
(15 U.S.C. 278g-3) as amended by section 303 of the Federal 
Information Security Management Act of 2002 (Pub. L. 107-347). This 
notice has been determined not to be significant for the purposes of 
Executive Order 12866.

    Dated: June 5, 2007.
James M. Turner,
Deputy Director, NIST.
 [FR Doc. E7-11309 Filed 6-11-07; 8:45 am]
BILLING CODE 3510-13-P