Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Keyed-Hash Message Authentication Code (HMAC): Specification of HMAC and Recommendations for Message Authentication | Draft SP 800-224 is Available for Public Comment
June 28, 2024

The initial public draft (ipd) of NIST Special Publication (SP) 800-224, Keyed-Hash Message Authentication Code (HMAC): Specification of HMAC and Recommendations for Message Authentication, is now available for public comment.

This publication includes the HMAC specification from Federal Information Processing Standard (FIPS) 198-1, The Keyed-Hash Message Authentication Code (HMAC) (2008) and incorporates some requirements from SP 800-107r1 (Revision 1), Recommendation for Applications Using Approved Hash Algorithms (2012). This development was proposed by the NIST Crypto Publication Review Board based on the reviews of FIPS 198-1 and SP 800-107r1 in 2022. The final version of SP 800-224 is expected to be published concurrently with the withdrawal of FIPS 198-1.

The public comment period is open through September 6, 2024. See the publication details for a copy of the draft; comments can be submitted to SP800-224-comments@list.nist.gov. Comments received in response to this request will be posted on the NIST website after the due date. 

Related Topics

Security and Privacy: message authentication

Created June 28, 2024