Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST Requests Public Comments on FIPS 180-4, Secure Hash Standard (SHS)
June 09, 2022

NIST is in the process of a periodic review and maintenance of its cryptography standards and guidelines.   

This announcement initiates the review of Federal Information Processing Standard (FIPS) 180-4, Secure Hash Standard (SHS), 2015.

NIST requests public comments on all aspects of FIPS 180-4. Additionally, NIST would appreciate feedback on the following two areas of particular concern:

  1. SHA-1. In recent years, the cryptanalytic attacks on the SHA-1 hash function have become increasingly severe and practical (see, e.g., the 2020 paper "SHA-1 is a Shambles" by Leurent and Peyrin). NIST therefore plans to remove SHA-1 from a revision of FIPS 180-4 and to deprecate and eventually disallow all uses of SHA-1. The Cryptographic Module Validation Program will establish a validation transition schedule.
    • How will this plan impact fielded and planned SHA-1 implementations?
    • What should NIST consider in establishing the timeline for disallowing SHA-1?
  2. Interface. The "Init, Update, Final" interface was part of the SHA-3 Competition submission requirements. Should a revision of FIPS 180-4 discuss the “Init, Update, Final” hash function interface?

The public comment period is open through September 9, 2022. Comments may address the concerns raised in this announcement or other issues around security, implementation, clarity, risk, or relevance to current applications.  

Send comments to cryptopubreviewboard@nist.gov with “Comments on FIPS 180-4” in the Subject. 

For more information about the review process, visit the Crypto Publication Review Project page

Related Topics

Security and Privacy: secure hashing

Created June 09, 2022