Announcing Approval of Federal Information Processing Standard (FIPS) Publication 198–1, The Keyed-Hash Message Authentication Code (HMAC), a Revision of FIPS 198
July 29, 2008

The National Institute of Standards and Technology (NIST) announces approval of Federal Information Processing Standard (FIPS) Publication 198-1, The Keyed-Hash Message Authentication Code (HMAC), a revision of FIPS 198. The FIPS specifies a mechanism for message authentication using cryptographic hash functions in federal information systems. The technical information about the security provided by the HMAC algorithm, and the length limit and security implications of truncated HMAC outputs have been removed from the revised standard. This information may need frequent updating, and its removal from the specification will enable NIST to employ a more effective process for keeping the information current. NIST will provide specific guidelines about the security provided by the HMAC and the use of truncation techniques for it in Special Publication (SP) 800-17, which can be updated in a timely manner as the technical conditions change.