secure hash standard shs
play

Secure Hash Standard (SHS) C ATEGORY: C OMPUTER S ECURITY S - PDF document

Mar 15, 2023 •299 likes •660 views

FIPS PUB 180-4 FEDERAL INFORMATION PROCESSING STANDARDS PUBLICATION Secure Hash Standard (SHS) C ATEGORY: C OMPUTER S ECURITY S UBCATEGORY: C RYPTOGRAPHY Information Technology Laboratory National Institute of Standards and Technology

  1. FIPS PUB 180-4 FEDERAL INFORMATION PROCESSING STANDARDS PUBLICATION Secure Hash Standard (SHS) C ATEGORY: C OMPUTER S ECURITY S UBCATEGORY: C RYPTOGRAPHY Information Technology Laboratory National Institute of Standards and Technology Gaithersburg, MD 20899-8900 March 2012 U.S. Department of Commerce John Bryson, Secretary National Institute of Standards and Technology Patrick Gallagher, Under Secretary for Standards and Technology and Director

  2. FOREWORD The Federal Information Processing Standards Publication Series of the National Institute of Standards and Technology (NIST) is the official series of publications relating to standards and guidelines adopted and promulgated under the provisions of the Federal Information Security Management Act (FISMA) of 2002. Comments concerning FIPS publications are welcomed and should be addressed to the Director, Information Technology Laboratory, National Institute of Standards and Technology, 100 Bureau Drive, Stop 8900, Gaithersburg, MD 20899-8900. Charles H. Romine , Director Information Technology Laboratory ii

  3. Abstract This standard specifies hash algorithms that can be used to generate digests of messages. The digests are used to detect whether messages have been changed since the digests were generated. Key words : computer security, cryptography, message digest, hash function, hash algorithm, Federal Information Processing Standards, Secure Hash Standard. iii

  4. Federal Information Processing Standards Publication 180-4 March 2012 Announcing the SECURE HASH STANDARD Federal Information Processing Standards Publications (FIPS PUBS) are issued by the National Institute of Standards and Technology (NIST) after approval by the Secretary of Commerce pursuant to Section 5131 of the Information Technology Management Reform Act of 1996 (Public Law 104-106), and the Computer Security Act of 1987 (Public Law 100-235). 1. Name of Standard : Secure Hash Standard (SHS) (FIPS PUB 180-4). 2. Category of Standard : Computer Security Standard, Cryptography. 3. Explanation : This Standard specifies secure hash algorithms - SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224 and SHA-512/256 - for computing a condensed representation of electronic data (message). When a message of any length less than 2 64 bits (for SHA-1, SHA-224 and SHA-256) or less than 2 128 bits (for SHA-384, SHA-512, SHA-512/224 and SHA-512/256) is input to a hash algorithm, the result is an output called a message digest. The message digests range in length from 160 to 512 bits, depending on the algorithm. Secure hash algorithms are typically used with other cryptographic algorithms, such as digital signature algorithms and keyed-hash message authentication codes, or in the generation of random numbers (bits). The hash algorithms specified in this Standard are called secure because, for a given algorithm, it is computationally infeasible 1) to find a message that corresponds to a given message digest, or 2) to find two different messages that produce the same message digest. Any change to a message will, with a very high probability, result in a different message digest. This will result in a verification failure when the secure hash algorithm is used with a digital signature algorithm or a keyed-hash message authentication algorithm. This Standard supersedes FIPS 180-3 [FIPS 180-3]. 4. Approving Authority : Secretary of Commerce. 5. Maintenance Agency : U.S. Department of Commerce, National Institute of Standards and Technology (NIST), Information Technology Laboratory (ITL). iv

  5. 6. Applicability : This Standard is applicable to all Federal departments and agencies for the protection of sensitive unclassified information that is not subject to Title 10 United States Code Section 2315 (10 USC 2315) and that is not within a national security system as defined in Title 44 United States Code Section 3502(2) (44 USC 3502(2)). This standard shall be implemented whenever a secure hash algorithm is required for Federal applications, including use by other cryptographic algorithms and protocols. The adoption and use of this Standard is available to private and commercial organizations. 7. Specifications : Federal Information Processing Standard (FIPS) 180-4, Secure Hash Standard (SHS) (affixed). 8. Implementations: The secure hash algorithms specified herein may be implemented in software, firmware, hardware or any combination thereof. Only algorithm implementations that are validated by NIST will be considered as complying with this standard. Information about the validation program can be obtained at http://csrc.nist.gov/groups/STM/index.html. 9. Implementation Schedule : Guidance regarding the testing and validation to FIPS 180-4 and its relationship to FIPS 140-2 can be found in IG 1.10 of the Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program at http://csrc.nist.gov/groups/STM/cmvp/index.html. 10. Patents : Implementations of the secure hash algorithms in this standard may be covered by U.S. or foreign patents. 11. Export Control : Certain cryptographic devices and technical data regarding them are subject to Federal export controls. Exports of cryptographic modules implementing this standard and technical data regarding them must comply with these Federal regulations and be licensed by the Bureau of Export Administration of the U.S. Department of Commerce. Information about export regulations is available at: http://www.bis.doc.gov/index.htm. 12. Qualifications: While it is the intent of this Standard to specify general security requirements for generating a message digest, conformance to this Standard does not assure that a particular implementation is secure. The responsible authority in each agency or department shall assure that an overall implementation provides an acceptable level of security. This Standard will be reviewed every five years in order to assess its adequacy. 13. Waiver Procedure: The Federal Information Security Management Act (FISMA) does not allow for waivers to Federal Information Processing Standards (FIPS) that are made mandatory by the Secretary of Commerce. 14. Where to Obtain Copies of the Standard : This publication is available electronically by accessing http://csrc.nist.gov/publications/. Other computer security publications are available at the same web site. v

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Long-term secure signatures for the IoT Andreas Hlsing Hash-based Signature Schemes [Mer89]

Long-term secure signatures for the IoT Andreas Hlsing Hash-based Signature Schemes [Mer89]

Long-term secure signatures for the IoT Andreas Hlsing Hash-based Signature Schemes [Mer89] Long-term secure Only needs secure hash function Post-quantum Possibility of hash combiners IoT compatible? Only needs secure hash

285 views • 13 slides
Semi-Secure Semi-Secure where a hash is a secure one-way function. A cookie is a bit of state

Semi-Secure Semi-Secure where a hash is a secure one-way function. A cookie is a bit of state

One-Slide Summary Users often authenticate themselves by providing passwords. We store and compare hashes of passwords, Semi-Secure Semi-Secure where a hash is a secure one-way function. A cookie is a bit of state associated with a webpage

103 views • 9 slides
ZFONE ZRTP Philip Zimmermanns new secure VOIP Hello(As Zid, Hash, Enc, SAS.)

ZFONE ZRTP Philip Zimmermanns new secure VOIP Hello(As Zid, Hash, Enc, SAS.)

ZFONE ZRTP Philip Zimmermanns new secure VOIP Hello(As Zid, Hash, Enc, SAS.) application Interoperates with SIP signaling Commit(Bs Zid, HVI, .) Communication with AES by SRTP DH1(pvr, Hash(secret), .)

412 views • 3 slides
Short-output universal hash functions & their use in fast and secure data authentication

Short-output universal hash functions & their use in fast and secure data authentication

Short-output universal hash functions & their use in fast and secure data authentication Long Nguyen and Bill Roscoe Oxford University Department of Computer Science -almost universal hash functions (UHF) Definition : given R is the set

515 views • 22 slides
Leakage-Resilient Chosen-Ciphertext Secure Public-Key Encryption from Hash Proof System and

Leakage-Resilient Chosen-Ciphertext Secure Public-Key Encryption from Hash Proof System and

Leakage-Resilient Chosen-Ciphertext Secure Public-Key Encryption from Hash Proof System and One-Time Lossy Filter Baodong Qin and Shengli Liu Shanghai Jiao Tong University ASIACRYPT 2013 Dec 5, Bangalore, India B. Qin and S. Liu LR-CCA Secure

580 views • 47 slides
6. Applicability : This standard is applicable to all Federal departments and agencies for the

6. Applicability : This standard is applicable to all Federal departments and agencies for the

Federal Information Processing Standards Publication 180-2 2002 August 1 Announcing the SECURE HASH STANDARD Federal Information Processing Standards Publications (FIPS PUBS) are issued by the National Institute of Standards and Technology

1.36k views • 75 slides
Hash functions : MAC / HMAC Outline Message Authentication Codes Keyed hash family

Hash functions : MAC / HMAC Outline Message Authentication Codes Keyed hash family

Hash functions : MAC / HMAC Outline Message Authentication Codes Keyed hash family Unconditionally Secure MACs Ref: D Stinson: Cryprography Theory and Practice (3 rd ed), Chap 4. Universal hash family Notations: X is a

457 views • 12 slides
Provably secure hash functions - do we care? Krystian Matusiewicz Technical University of Denmark

Provably secure hash functions - do we care? Krystian Matusiewicz Technical University of Denmark

Computational Complexity Provably-secure constructions Problems with provably-secure constructions Attempts at practical constructions Provably secure hash functions - do we care? Krystian Matusiewicz Technical University of Denmark Quo Vadis

874 views • 20 slides
Does Secure Time-Stamping Imply Collision-Free Hash Functions Ahto Buldas, Aivo J urgenson

Does Secure Time-Stamping Imply Collision-Free Hash Functions Ahto Buldas, Aivo J urgenson

Does Secure Time-Stamping Imply Collision-Free Hash Functions Ahto Buldas, Aivo J urgenson aivo.jurgenson@eesti.ee Tallinn University of Technology, Estonia. Elion Enterprises Ltd, Estonia. p. 1 Topics background about hash

413 views • 37 slides
Hash Functions Hash Functions 1 Cryptographic Hash Function Crypto hash function h(x) must

Hash Functions Hash Functions 1 Cryptographic Hash Function Crypto hash function h(x) must

Hash Functions Hash Functions 1 Cryptographic Hash Function Crypto hash function h(x) must provide o Compression output length is small o Efficiency h(x) easy to compute for any x o One-way given a value y it is infeasible to find

465 views • 42 slides
Secure Communication Secure Communication Lecture 14 Wrap-Up We saw... Symmetric-Key

Secure Communication Secure Communication Lecture 14 Wrap-Up We saw... Symmetric-Key

Secure Communication Secure Communication Lecture 14 Wrap-Up We saw... Symmetric-Key Components SKE, MAC Public-Key Components PKE, Digital Signatures Building blocks: Block-ciphers (AES), Hash-functions (SHA-3), Trapdoor PRG/OWP for PKE

1.07k views • 72 slides
SECURE IDENTITY-BASED ENCRYPTION IN THE QUANTUM RANDOM ORACLE MODEL Mark Zhandry Stanford

SECURE IDENTITY-BASED ENCRYPTION IN THE QUANTUM RANDOM ORACLE MODEL Mark Zhandry Stanford

SECURE IDENTITY-BASED ENCRYPTION IN THE QUANTUM RANDOM ORACLE MODEL Mark Zhandry Stanford University Random Oracle Model (ROM) Sometimes, we cant prove a scheme secure in the standard model. Instead, model a hash function as a

509 views • 38 slides
Tightly-Secure Signatures from Chameleon Hash Functions NIST, Maryland , PKC 2015 Olivier Blazy 1

Tightly-Secure Signatures from Chameleon Hash Functions NIST, Maryland , PKC 2015 Olivier Blazy 1

Tightly-Secure Signatures from Chameleon Hash Functions NIST, Maryland , PKC 2015 Olivier Blazy 1 , Saqib A. Kakvi 2 , Eike Kiltz 2 , Jiaxin Pan 2 1 University of Limoges, France 2 Ruhr University Bochum, Germany Keywords 1. Signatures 2. Tight

725 views • 44 slides
Outline Hash functions and MACs, contd Building a secure channel CSci 5271 Announcements

Outline Hash functions and MACs, contd Building a secure channel CSci 5271 Announcements

Outline Hash functions and MACs, contd Building a secure channel CSci 5271 Announcements intermission Introduction to Computer Security Crypto combined slides Public-key crypto basics Public key encryption and signatures Stephen McCamant

588 views • 9 slides
Hash Function Based MAC Message Authentication Codes (MAC) provide the integrity and

Hash Function Based MAC Message Authentication Codes (MAC) provide the integrity and

Improved Single-Key Distinguisher on HMAC-MD5 and Key Recovery Attacks on Sandwich-MAC-MD5 Yu Sasaki 1 and Lei Wang 2 1 NTT Secure Platform Laboratories 2 Nanyang Technological University, Singapore SAC 2013 (16/August/2013) 1 Hash Function Based

822 views • 25 slides
Topic 22 Hash Tables " hash collision n. [from the techspeak] (var. `hash clash') When used

Topic 22 Hash Tables " hash collision n. [from the techspeak] (var. `hash clash') When used

Topic 22 Hash Tables " hash collision n. [from the techspeak] (var. `hash clash') When used of people, signifies a confusion in associative memory or imagination, especially a persistent one (see thinko ). True story: One of us was once on

908 views • 31 slides
MESSAGE AUTHENTICATION 1 / 103 Integrity and authenticity The goal is to ensure that M

MESSAGE AUTHENTICATION 1 / 103 Integrity and authenticity The goal is to ensure that M

MESSAGE AUTHENTICATION 1 / 103 Integrity and authenticity The goal is to ensure that M really originates with Alice and not someone else M has not been modified in transit 2 / 103 Integrity and authenticity example Bob Alice (Bank)

1.31k views • 112 slides
Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn Black J Lecture #6 Sep 8 th 2005 CSCI 6268/TLEN 5831, Fall 2005 Announcements Quiz #1 later today Still some have not signed up for

799 views • 34 slides
Yasser F. O. Mohammad REMINDER 1:Fiestel Network Each round consists of: Substitution on

Yasser F. O. Mohammad REMINDER 1:Fiestel Network Each round consists of: Substitution on

Yasser F. O. Mohammad REMINDER 1:Fiestel Network Each round consists of: Substitution on left half of text Permutation of the two halves The substitution is controlled by the key of every round Factors of Security: Block

319 views • 19 slides
Lecture 7 - Applied Cryptography CSE497b - Spring 2007 Introduction Computer and Network Security

Lecture 7 - Applied Cryptography CSE497b - Spring 2007 Introduction Computer and Network Security

Lecture 7 - Applied Cryptography CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse497b-s07/ CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger

440 views • 18 slides
Data Integrity & Authentication Message Authentication Codes (MACs) Goal Ensure integrity

Data Integrity & Authentication Message Authentication Codes (MACs) Goal Ensure integrity

Data Integrity & Authentication Message Authentication Codes (MACs) Goal Ensure integrity of messages, even in presence of an active adversary who sends own messages. Alice Bob (sender) (reciever) Fran (forger) Remark: Authentication

450 views • 31 slides
Verifying Web Services Security Protocols, Standards, and Implementations Karthik Bhargavan

Verifying Web Services Security Protocols, Standards, and Implementations Karthik Bhargavan

Verifying Web Services Security Protocols, Standards, and Implementations Karthik Bhargavan Microsoft Research, Cambridge Microsoft Research INRIA Joint Centre, Paris Joint work with C. Fournet and A.D. Gordon + R. Puccella, S. Tse, N.

1.4k views • 122 slides
Network Security Essentials Chapter 3 Fourth Edition by William Stallings Lecture slides by

Network Security Essentials Chapter 3 Fourth Edition by William Stallings Lecture slides by

Network Security Essentials Chapter 3 Fourth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 9 Public Key Cryptography and RSA Every Egyptian received two names, which were known respectively as the true name and the

970 views • 81 slides
Efficient Implementation of Hash-Sequence Signatures Ahto Truu, Guardtime AS / Tallinn University

Efficient Implementation of Hash-Sequence Signatures Ahto Truu, Guardtime AS / Tallinn University

Efficient Implementation of Hash-Sequence Signatures Ahto Truu, Guardtime AS / Tallinn University of Technology This is joint work with Ahto Buldas and Risto Laanoja The presenter has received the Skype and IT Academy PhD Students Scholarship

318 views • 15 slides

More recommend