Hashing out encryption

The National Institute of Standards and Technology plans to phase out SHA-1.

"Hash Functions: Practical Implications of Recent Analytic Results"

Federal agencies have been put on notice that National Institute of Standards and Technology officials plan to phase out a widely used cryptographic hash function known as SHA-1 in favor of larger and stronger hash functions such as SHA-256 and SHA-512.

The change will affect many federal cryptographic functions that incorporate hashes, particularly digital signatures, said William Burr, manager of NIST's security technology group, which advises federal agencies on electronic security standards.

"There's really no emergency here," Burr said. "But you should be planning how you're going to transition — whether you're a vendor or a user — so that you can do better cryptography by the next decade."

Hashing is used to prevent tampering with electronic messages. A hash is a numerical code generated from a string of text when a message is sent. The receiving system checks it against a hash it creates from the same text, and if they match, the message was sent intact.

Speaking at a recent meeting of the federal Public Key Infrastructure Technical Working Group at NIST, Burr said some critics have questioned the security of the government-developed SHA-1 after some researchers managed to break a variant of the SHA-1 hash function last year.

But Burr said no complete implementation of the SHA-1 function has been successfully attacked. "SHA-1 is not broken," he said, "and there is not much reason to suspect that it will be soon." But advances in computer processing capability make it prudent to phase out SHA-1 by 2010, he said.

Burr said other widely used hash functions such as MD5 are vulnerable to attack and their use should be discontinued. "If by some chance you are still using MD5 in certificates or for digital signatures, you should stop," he said.
