Advertisement

NIST finalizes new cryptographic hash standard

The National Institute of Standards and Technology finalized its SHA-3 cryptographic standard, a process nine years in the making.

After nine years of research and competitions, the National Institute of Standards and Technology released the final version of its Secure Hash Algorithm-3 standard Wednesday.

SHA-3 is a cryptographic hash function that can be used in information security applications, including the generation and verification of digital signatures, key derivation, and pseudorandom bit generation. NIST called for the creation of a new cryptographic hash in 2005 after its MD5 and SHA-0 hashes were attacked and research indicated its SHA-1 standard could also be attacked.

The new standard was born out of NIST’s SHA-3 Cryptographic Hash Standard competition, which took five years to complete. The winning algorithm, Keccak, was chosen from 64 submitted entries.

wall-of-keys

A look at an implementation of the Keccak algorithm, which is used in NIST’s SHA-3 standard. Notice how the period creates a widly different hash. (Wikipedia)

Advertisement

The finalized version does not differ much from the draft version released last May. SHA-3 joins a number of cryptologic standards NIST listed in FIPS 180-4.

NIST pointed out Wednesday that SHA-3 is just another hashing option and does not mean SHA-2 has been replaced or rendered unsafe.

“SHA-3 is very different from SHA-2 in design,” NIST computer specialist Shu-jen Chang said. “It doesn’t replace SHA-2, which has not shown any problem, but offers a backup. It takes years to develop a new standard, and we wanted to be prepared in case problems do occur.”

Other challenge submissions have been made available on the Internet. An alternative algorithm, Blake2, claims to perform better than Keccak algorithm on Intel CPUs.

You can download the new standard on NIST’s website.

Greg Otto

Written by Greg Otto

Greg Otto is Editor-in-Chief of CyberScoop, overseeing all editorial content for the website. Greg has led cybersecurity coverage that has won various awards, including accolades from the Society of Professional Journalists and the American Society of Business Publication Editors. Prior to joining Scoop News Group, Greg worked for the Washington Business Journal, U.S. News & World Report and WTOP Radio. He has a degree in broadcast journalism from Temple University.

Latest Podcasts