NIST says agencies should begin move to stronger hashing tools

The National Institute of Standards and Technology is urging agencies to begin migrating away from the flawed SHA-1 hashing algorithm in favor of stronger algorithms.

A family of Secure Hashing Algorithms has been approved under Federal Information Processing Standard 180-2 for federal use to create a secure message digest—or a hash—of digital documents. Any alterations in the document will result in a different hash, so it can be used to time stamp, sign or otherwise authenticate a document.

Like any cryptographic function, an algorithm’s strength lies in its ability to resist attacks from increasingly powerful computers, and SHA-1 has been around since 1994.

Researchers reported last year that they had broken SHA-1 for some functions, prompting concern about its continued use.

“Due to advances in computing power, NIST already planned to phase out SHA-1 in favor of the larger and stronger hash functions (SHA-224, SHA-256, SHA-384 and SHA-512) by 2010,” NIST said at that time, and advised agencies to “develop plans on a timely basis for an orderly transition.”

NIST strengthened its recommendation Wednesday, saying “federal agencies should stop using SHA-1 for digital signatures, digital time stamping and other applications that require collision resistance as soon as practical.”

After 2010, SHA-1 can be used only for hash-based message authentication codes, key derivation functions and random number generators.

“Regardless of use, NIST encourages application and protocol designers to use the SHA-2 family of hash functions for all new applications and protocols,” NIST said.