Currently, there exists two (2) Approved algorithms for generating and verifying message/data authentication codes: DAC (better known as "MAC") and HMAC.
FIPS 113, Computer Data Authentication May 1985.
FIPS 113 specifies an algorithm, which is based on DES, for generating and verifying a Message Authentication Code (MAC).
FIPS 198-1, The Keyed-Hash Message Authentication Code (HMAC) July 2008.
FIPS 198-1 is a revision of FIPS 198. The FIPS specifies a mechanism for message authentication using cryptographic hash functions in Federal information systems. The technical information about the security provided by the HMAC algorithm, and the length limit and security implications of truncated HMAC outputs have been removed from the revised standard. This information may need frequent updating, and its removal from the specification will enable NIST to employ a more effective process for keeping the information current. NIST will provide specific guidelines about the security provided by the HMAC and the use of the truncation technique in Special Publication (SP) 800-107, which can be updated in a timely manner if the technical conditions change.
Note: NIST Special Publications 800-107, Recommendation for Applications Using Approved Hash Algorithms is currently under development. For more information on draft SP 800-107 go here.
Back to TopTesting requirements and validation lists are available from the Cryptographic Algorithm Validation Program (CAVP).
Back to TopNIST intends to review FIPS 113 and determine whether it should be updated or replaced.