view counter

NIST opens competition to improve SHA-1 encryption standard

Published 25 January 2007

Recent efforts by Chinese researchers show that decades-old encryption system is increasingly vulnerable; competition is open to all, and winning bid will support 224-, 256-, 384- and 512-bit key encryption, with a maximum message length of at least 264 bits

After two decades of relying on Federal Information Processing Standard 180-1 (otherwise known as Secure Hash Algorithm-1 [SHA-1]) for its computer encryption needs, the federal government has decided to look for something new. Also used as the basis for the Secure Sockets Layer private-key technology that secures credit card numbers online, SHA-1 has been considered the gold standard among encryption algorithms because as many as 280 hash operations were considered necessary to find a weakness in it — a level many believed was unbreakable. A recent effort by Chinese researchers, however, has shown that SHA-1 could be overcome with just 269 operations, sending federal security planners back to the drawing board. Should the breaking point reach 240 operations, the fear is that any high-end PC could manage the task.

The drawing board in this case is available to all. The National Institute of Standards and Technology has begun a competition to develop one or more additional hash functions — a process similar to that used for the Advanced Encryption Standard. According to the NIST notice, the new algorithm must support 224-, 256-, 384- and 512-bit key encryption, with a maximum message length of at least 264 bits. The eventual winner will be publicly disclosed and the hash function specifications available worldwide on a nonexclusive, royalty-free basis.

-read more in Brian Robinson’s FCW report

view counter
view counter