NIST Logo and ITL Banner Link to the NIST Homepage Link to the ITL Homepage Link to the NIST Homepage
Search CSRC:

Secure Hashing

Approved Algorithms

There are five (5) Approved algorithms for generating a condensed representation of a message (message digest): SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512.

March 15, 2006: The SHA-2 family of hash functions (i.e., SHA-224, SHA-256, SHA-384 and SHA-512) may be used by Federal agencies for all applications using secure hash algorithms. Federal agencies should stop using SHA-1 for digital signatures, digital time stamping and other applications that require collision resistance as soon as practical, and must use the SHA-2 family of hash functions for these applications after 2010. After 2010, Federal agencies may use SHA-1 only for the following applications: hash-based message authentication codes (HMACs); key derivation functions (KDFs); and random number generators (RNGs). Regardless of use, NIST encourages application and protocol designers to use the SHA-2 family of hash functions for all new applications and protocols.

SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512

FIPS 180-2, Secure Hash Standard (SHS), August 2002

On August 26, 2002, NIST announced the approval of FIPS 180-2, Secure Hash Standard, which contains the specifications for the Secure Hash Algorithms (SHA-1, SHA-256, SHA-384, and SHA-512) with several examples.

On February 25, 2004, a change notice was included that specifies SHA-224 and discusses truncation of the hash function output in order to provide interoperability.

In August, 2004, researchers announced that they discovered a new way to break a number of cryptographic hash algorithms. Those initial attacks did not break any of the SHA family algorithms, as is reflected in NIST's comments at that time.

In February, 2005, however, researchers announced an attack on the full SHA-1 algorithm. Click here for NIST's brief comments on these latest attacks. (Statement revised April 25, 2006.)

NOTE: On June 12, 2007, NIST announced the release of draft FIPS 180-3, Secure Hash Standard (SHS), for public comment. The draft FIPS 180-3 is the proposed revision of FIPS 180-2. The draft specifies five secure hash algorithms (SHAs) called SHA-1, SHA-224, SHA-256, SHA-384 and SHA-512 without claiming security strengths of these hash algorithms. Comments will be accepted through September 10, 2007. Comments should be forwarded to the Computer Security Division, Information Technology Laboratory at NIST or submitted via email to Proposed180-3@nist.gov with "Comments on Draft 180-3" in the subject line.

NIST announces the release of 2nd draft Special Publication 800-106, Randomized Hashing for Digital Signatures. This Recommendation provides a technique to randomize messages that are input to a cryptographic hash functions during the generation of digital signatures. Please submit comments to quynh.dang@nist.gov with "Comments on Draft 800-106" in the subject line. The comment period closes on September 5, 2008.

NIST announces the release of the 2nd draft Special Publication 800-107, Recommendation for Applications Using Approved Hash Algorithms. This document provides security guidelines for achieving the required or desired security strengths when using cryptographic applications that employ the approved cryptographic hash functions specified in Federal Information Processing Standard (FIPS) 180-3, such as digital signature applications, Keyed-hash Message Authentication Codes (HMACs) and Hash-based Key Derivation Functions (HKDFs). Please submit comments to quynh.dang@nist.gov with "Comments on Draft 800-107" in the subject line. The comment period closes on October 9, 2008.

Second Cryptographic Hash Workshop August 24-25, 2006, UCSB, Santa Barbara

NIST plans to host a series of public workshops to focus on hash function research in preparation for developing additional hash function(s) through a public competition.

Back to Top

Testing Products

Testing requirements and validation lists are available from the Cryptographic Algorithm Validation Program (CAVP).

Back to Top

Additional Information

Second Cryptographic Hash Workshop August 24-25, 2006, UCSB, Santa Barbara

As a follow-up to the first Cryptographic Hash Workshop held on Oct. 31-Nov. 1, 2005, NIST plans to host a series of public workshops to focus on hash function research in preparation for developing additional hash function(s) through a public competition. The next workshop will be held on August 24-25 at UCSB, Santa Barbara, in conjunction with Crypto 2006.

Cryptographic Hash Workshop October 31 - November 1, 2005

Recently a team of researchers reported that the SHA-1 function offers significantly less collision resistance than could be expected from a cryptographic hash function of its ouput size. NIST hosted a workshop to solicit public input in how best to respond to the current state of research in this area. An agenda and presentations from this workshop are available.

Note: An algorithm or technique that is either specified in a FIPS or NIST Recommendation.