November 09, 2007
SHA-3 Competition Underway; Stronger Hash Algorithm Sought
It probably comes as no surprise that the Secure Hash Algorithm (SHA) isn't as secure as it used to be or as secure as it needs to be. Through no fault of its own, of course. It's those darn security attacks by intruders, some malicious, that have led security experts to question the security of current SHA implementations--SHA-0, SHA-1, and SHA-2.
Consequently, the National Institute of Standards and Technology (NIST) has opened a competition to develop SHA-3. The competition is NIST’s response to recent advances in the analysis of hash algorithms. The new hash algorithm will augment the hash algorithms currently specified in the Federal Information Processing Standard (FIPS) 180-2, Secure Hash Standard. NIST’s goal is that SHA-3 provide increased security and offer greater efficiency for the applications using cryptographic hash algorithms. FIPS standards are required for use in federal civilian computer systems and are often adopted voluntarily by private industry.
FIPS 180-2 specifies five cryptographic hash algorithms, including SHA-1 and the SHA-2 family of hash algorithms. Because serious attacks have been reported in recent years against cryptographic hash algorithms, including SHA-1, and because SHA-1 and the SHA-2 family share a similar design, NIST is standardizing an additional hash algorithm to augment those currently specified in FIPS 180-2.
The competition announcement specifies the submission requirements, the minimum acceptability requirements, and the evaluation criteria for candidate hash algorithms. Entries for the competition must be received by October 31, 2008.
For background on SHA, some reference points include:
Posted by Jon Erickson at 08:58 AM Permalink
|
