
Message Authentication

Approved Algorithms

Currently, there are two (2) Approved algorithms for generating and verifying message/data authentication codes: DAC (better known as "MAC") and HMAC.

Message Authentication Code (MAC or DAC)

FIPS 113, Computer Data Authentication, May 1985.

FIPS 113 specifies an algorithm, which is based on DES, for generating and verifying a Message Authentication Code (MAC).

Keyed-Hash Message Authentication Code (HMAC)

FIPS 198-1, The Keyed-Hash Message Authentication Code (HMAC), July 2008.

FIPS 198-1 is a revision of FIPS 198. The FIPS specifies a mechanism for message authentication using cryptographic hash functions in Federal information systems. The technical information about the security provided by the HMAC algorithm, as well as the length limit and security implications of truncated HMAC outputs, has been removed from the revised standard. This information may need frequent updating, and its removal from the specification will enable NIST to employ a more effective process for keeping the information current. NIST will provide specific guidelines about the security provided by the HMAC and the use of the truncation technique in Special Publication (SP) 800-107, which can be updated in a timely manner if the technical conditions change.

Note: NIST Special Publication 800-107, Recommendation for Applications Using Approved Hash Algorithms, is currently under development.

Testing Products

Testing requirements and validation lists are available from the Cryptographic Algorithm Validation Program (CAVP).

Additional Information

July 29, 2011: NIST requests comments on Special Publication (SP) 800-133, Recommendation for Cryptographic Key Generation. Cryptography relies upon two basic components: an algorithm (or cryptographic methodology) and a cryptographic key. This Recommendation discusses the generation of the keys to be managed and used by NIST’s approved cryptographic algorithms. Please provide comments by September 30th, 2011 to SP-800-133_Comments@nist.gov, with “Comments on SP 800-133 Key Generation” in the subject line.

April 12, 2011: NIST requested comments for Draft Special Publication (SP) 800-131B, Transitions: Validation of Transitioning Cryptographic Algorithm and Key Lengths, on February 10, 2001. SP 800-131B provides details about the validation of the cryptographic algorithms and cryptographic modules in transition, as specified in SP 800-131A. These are the comments received.

April 12, 2011: NIST requested comments for Draft Special Publication (SP) 800-131C, Transitions: Validating the Transition from FIPS 186-2 to FIPS 186-3 on February 10, 2011. SP 800-131C addresses both the cryptographic algorithm validations and the cryptographic module validations that are conducted by NIST’s Cryptographic Algorithm Validation Program (CAVP) and the Cryptographic Module Validation Program (CMVP), respectively. These are the comments received.

January 13, 2011: NIST announces the completion of Special Publication (SP) 800-131A, Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths. This Recommendation provides the approach for transitioning from the use of one algorithm or key length to another, as initially addressed in Part 1 of SP 800-57. SP 800-131B, Transitions: Validation of Transitioning Cryptographic Algorithms and Key Lengths, is under development and will address the validation of cryptographic modules during the transition period.

Future Plans

NIST intends to review FIPS 113 and determine whether it should be updated or replaced.

Note: "Approved" refers to an algorithm or technique that is specified in either a FIPS or a NIST Recommendation.