Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Announcement of Proposal to Revise FIPS 180-4, Secure Hash Standard (SHS)
December 15, 2022

As a part of the periodic review of NIST’s cryptographic standards and guidelines, NIST's Crypto Publication Review Board announced the review of Federal Information Processing Standards Publication FIPS 180-4, Secure Hash Standard (SHS), in June 2022. NIST subsequently received and posted public comments.

NIST proposes to revise FIPS 180-4. The revision will remove SHA-1 from the standard. The SHA-1 specification will continue to be available in the archived copy of FIPS 180-4 after FIPS 180-5 is published. NIST has plans to transition away from SHA-1 for all applications. See the NIST Policy on Hash Functions for more information. NIST plans to revise NIST Special Publication (SP) 800-131A with more details on the transition. Other NIST publications that reference SHA-1 will be revised during their periodic review cycle.

The Cryptographic Module Validation Program (CMVP) is planning to develop FIPS 140-3 Implementation Guidance (IG) to discuss the Init, Update, Final interface that software implementations of hash functions typically use.

Submit your comments on the decision to revise FIPS 180-4 by January 31, 2023, to with “Comments on the Proposal to Revise FIPS 180-4” in the subject line. Comments received in response to this request will be posted on the Crypto Publication Review Project site after the due date. Submitters’ names and affiliations (when provided) will be included, while contact information will be removed. See the project site for additional information about the review process.

Related Topics

Security and Privacy: secure hashing

Activities and Products: standards development

Created December 15, 2022