NIST Logo and ITL Banner Link to the NIST Homepage Link to the ITL Homepage Link to the NIST Homepage
Search CSRC:

cryptographic hash project

Background Information

A cryptographic hash algorithm (alternatively, hash "function") is designed to provide a random mapping from a string of binary data to a fixed-size “message digest” and achieve certain security properties. Hash algorithms can be used for digital signatures, message authentication codes, and many other security applications in the information infrastructure. The Federal Information Processing Standard 180-4, Secure Hash Standard, specifies seven cryptographic hash algorithms — SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, and SHA-512/256 for federal use; the standard is also widely adopted by the information technology industry.

In recent years, several cryptographic hash algorithms have been successfully attacked, and serious attacks have been published against the NIST-approved SHA-1. In response, NIST held two public workshops to assess the status of its approved hash algorithms, and to solicit public input on its cryptographic hash algorithm policy and standard. As a result of these workshops, NIST decided to develop a new cryptographic hash algorithm through a public competition, similar to the development process of the Advanced Encryption Standard (AES). NIST proposed a tentative timeline for the competition, and published a policy statement on the use of hash functions in 2006.

NIST issued a Federal Register Notice in January 2007 detailing the draft minimum acceptability requirements, submission requirements, and evaluation criteria for candidate hash algorithms for public comment. Based on the public feedback, NIST revised the requirements and evaluation criteria, issued a second Federal Register Notice to Call for a New Cryptographic Hash Algorithm (SHA-3) Family on November 2, 2007, and launched the “SHA-3” Cryptographic Hash Algorithm Competition. Details of the competition are available at