NIST makes a hash of SHA

Three years ago, in January 2011, NIST (the National Institute of Standards and Technology) issued NIST Special Publication 800-131A, setting forth rules and recommendations for the use of certain cryptographic standards. They have just been caught violating one of those rules themselves.

It is normal in cryptography that the newest and most secure standards will, before too long, become old and less secure. Therefore we must advance, slowly but continuously, to newer standards which, for a time, are at least impractical to break.


One of the most basic building blocks in modern cryptography is the cryptographic hash function: an algorithm that takes a block of data as input and produces from it a fixed-size value, known as a hash or digest. In a good hash function there is no way to learn anything about the input data from its hash, and even a small change in the input causes the hash to be substantially different. But eventually clever research and raw computing horsepower tend to uncover weaknesses in these algorithms.

Not too long ago the standard hash was MD5, but that is no longer the case: it has been compromised for years. The next-generation hash, and the dominant one in use today, is SHA-1, created by NIST. No genuine, practical attacks on SHA-1 have yet been demonstrated publicly, but theoretical attacks have been shown and the writing is on the wall. So three years ago, in Special Publication 800-131A, NIST declared that “SHA-1 shall not be used for digital signature generation after December 31, 2013.”
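The two points above, the avalanche behaviour of a good hash and the SP 800-131A cut-off date for SHA-1 signatures, can be checked concretely. The following is an added example written for this page, not code from the article; the sample message, the helper names and the one-bit-flip probe are my own constructions, and the only policy it encodes is the SHA-1 signature deadline quoted in the text.

```python
import hashlib
from datetime import date
from typing import Tuple

# Constructed sample input for the demonstration (not from the article).
MESSAGE = b"NIST Special Publication 800-131A"


def hamming_distance(a: bytes, b: bytes) -> int:
    """Number of differing bits between two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("digests must have the same length")
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Return a copy of data with exactly one bit flipped."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


def avalanche(hash_name: str, data: bytes, bit_index: int = 0) -> Tuple[int, int]:
    """Hash data and a one-bit variant of it; return (differing bits, digest bits).

    For a well-behaved hash roughly half of the digest bits change, regardless
    of how small the input change was.
    """
    h1 = hashlib.new(hash_name, data).digest()
    h2 = hashlib.new(hash_name, flip_bit(data, bit_index)).digest()
    return hamming_distance(h1, h2), len(h1) * 8


# Deadline quoted in the article from SP 800-131A.
SHA1_SIGNATURE_CUTOFF = date(2013, 12, 31)


def sha1_signature_allowed(signing_date: date) -> bool:
    """SP 800-131A: SHA-1 shall not be used for signature generation after 2013-12-31."""
    return signing_date <= SHA1_SIGNATURE_CUTOFF


if __name__ == "__main__":
    for name in ("md5", "sha1", "sha256"):
        changed, total = avalanche(name, MESSAGE)
        print(f"{name:7s}: {changed}/{total} digest bits changed for a 1-bit input change")
    print("SHA-1 signature dated 2014-01-15 allowed:",
          sha1_signature_allowed(date(2014, 1, 15)))
```

Note that the avalanche probe only shows the digest behaves unpredictably for a tiny input change; it says nothing about collision resistance, which is what the theoretical attacks on SHA-1 target.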