- From: Klotz, Leigh <Leigh.Klotz@XEROX.COM>
- Date: Wed, 24 Jan 2007 11:45:55 -0800
- To: <www-forms@w3.org>
We've discussed this issue a bit in the past, but I wanted to report on the US NIST policy of March 15, 2006, which although says that SHA-1 *may* be used for HMAC, it goes on to say that "[r]egardless of use" SHA-1 *should* be discontinued. So our decision to include both SHA-1 and SHA-2 family seems correct. http://www.csrc.nist.gov/pki/HashWorkshop/NIST%20Statement/NIST_Policy_o n_HashFunctions.htm NIST's Policy on Hash Functions March 15, 2006: The SHA-2 family of hash functions (i.e., SHA-224, SHA-256, SHA-384 and SHA-512) may be used by Federal agencies for all applications using secure hash algorithms. Federal agencies should stop using SHA-1 for digital signatures, digital time stamping and other applications that require collision resistance as soon as practical, and must use the SHA-2 family of hash functions for these applications after 2010. After 2010, Federal agencies may use SHA-1 only for the following applications: hash-based message authentication codes (HMACs); key derivation functions (KDFs); and random number generators (RNGs). Regardless of use, NIST encourages application and protocol designers to use the SHA-2 family of hash functions for all new applications and protocols.
Received on Wednesday, 24 January 2007 19:46:30 UTC