NIST Guidelines Released for Secure Use of Digital Signatures

Guidelines for secure use of approved hash algorithms have been updated by the U.S. National Institute of Standards and Technology, providing the technical specifications for the latest Federal Information Processing Standards (FIPS). NIST publications on security (including encryption and key management) have played a prominent role for many years, especially for government applications. FIPS Publications are issued by NIST after approval by the Secretary of Commerce pursuant to Section 5131 of the Information Technology Reform Act of 1996 (Public Law 104-106) and the Federal Information Security Management Act of 2002 (Public Law 107-347). The newly released Special Publication 800-107,"Recommendation for Applications Using Approved Hash Algorithms" provides guidelines for achieving the needed level of security when using algorithms approved in FIPS 180-3.

Hash functions compute a fixed-length digest, or hash, for a document or message, which can be used to assure that a document has not been altered. The agency also has released guidelines for assuring that digitally signed documents cannot be tampered with by a second party. Special Publication 800-106, titled "Randomized Hashing for Digital Signatures," specifies ways to enhance the security of cryptographic hash functions used in digital signatures by randomizing the message. Special Publications in the NIST 800 series present documents of general interest to the computer security community. The Special Publication 800 series was established in 1990 to provide a separate identity for information technology security publications. This Special Publication 800 series reports on ITL's research, guidelines, and outreach efforts in computer security, and its collaborative activities with industry, government, and academic organizations.

Read the complete article by Hashing William Jackson in Government Computer News; cited by Robin Cover in XML Daily Newslink.

XML.org Focus Areas: BPEL | DITA | ebXML | IDtrust | OpenDocument | SAML | UBL | UDDI
OASIS sites: OASIS | Cover Pages | XML.org | AMQP | CGM Open | eGov | Emergency | IDtrust | LegalXML | Open CSA | OSLC | WS-I