Try the new and let us know what you think!
(Note: Beta site content may not be complete.)

View the beta site
NIST Logo and ITL Banner Link to the NIST Homepage Link to the ITL Homepage Link to the NIST Homepage

Public Comments ON Draft FIPS 202

Comments Received in Response to:

Request for Comments on Draft FIPS 202, SHA-3 Standard:
Permutation-Based Hash and Extendable-Output Functions


Date Received From Response
July 7, 2014 NSA The suggested changes were accepted.
July 18, 2014 European Telecommunications Standards Institute - Technical Committee "Security Algorithms Group of Experts" (TC SAGE) No change to the Standard was requested.
July 22, 2014 Thales e-Security The editorial comments were accepted, with a modification to the suggested resolution in one case. Although the stated rationale for the general comment is reasonable, it is preferable to omit the hyphens, as originally specified, in order to help distinguish the different roles of the parameters. In particular, the numerical suffixes in “SHAKE128” and “SHAKE256” indicate security strengths, while for the SHA-3 hash functions such as SHA3-256, the suffix indicates the digest length of the hash function.
August 14, 2014 Clinton Bowen The restructuring proposal was not accepted. The text in Section 7 on conformance already explicitly accommodates the possibility of future approved sponge functions based on the KECCAK-p permutations and other intermediate functions. Moreover, the primary goal of FIPS 202 is to standardize the winning algorithm from the SHA-3 Competition, as initiated in the Federal Register Notice on November 2, 2007. The proposed restructuring would detract from the perception of the Standard as fulfilling that goal.
August 19, 2014 Peter Rombouts The comment was accepted and addressed with new text in the conformance section.
August 26, 2014 Centers for Disease Control and Prevention (CDC) No change was requested.
August 26, 2014 Scott Fluhrer The text in Section 7 on conformance explicitly asserts that approved uses of the extendable-output functions will be specified in NIST special publications. NIST will consider these comments in the development of those publications. Also, text was added to clarify that extendable-output functions are not yet approved as variable-length hash functions.

Comments Received in Response to:

Request for Comments on Draft Revision of the Applicability Clause of FIPS 180-4, Secure Hash Standard


Date Received From Response
August 26, 2014 Alexey Bagaev The comment does not directly apply to the Revised Applicability Clause of FIPS 180-4, which simply acknowledges that FIPS 202 specifies valid options for secure hash functions. Moreover, NIST has already developed and implemented an appropriate policy for the use of SHA-1, based on the latest security information, as described in NIST Special Publication 800-131A.