Muchas apologies for the forwarded post, but I thought you folks might find this of interest... From: Perillo@dockmaster.ncsc.mil Newsgroups: comp.security.misc Subject: Fwd: SHA, Proposed Modification. Date: 29 Jul 1994 10:03:21 -0400 Organization: Yale CS Mail/News Gateway Lines: 611 Sender: daemon@cs.yale.edu Message-ID: <940729135927.373949@DOCKMASTER.NCSC.MIL> NNTP-Posting-Host: babyblue.cs.yale.edu The following is the Request for Comments citation summary, on the revision or fix of the Secure Hash Algorithm (SHA) released by NIST on July 11th. Enclosed is the "technical details sheet" of the proposed modification that has been floating around NIST for the last two months. - Robert ---------------------------- Federal Register 07/11/94 Citation="59 FR 35317" [Docket No. 940675-4175] RIN 0693-AB33 Proposed Revision of Federal Information Processing Standard (FIPS) 180, Secure Hash Standard AGENCY: National Institute of Standards and Technology (NIST), Commerce. ACTION: Notice; Request for comments. SUMMARY: A revision of Federal Information Processing Standard (FIPS) 180, Secure Hash Standard (SHS), is being proposed. This proposed revision corrects a technical flaw that made the standard less secure than had been thought. The algorithm is still reliable as a security mechanism, but the correction returns the SHS to the original level of security. The SHS produces a 160-bit output called a message digest for a message of any size. This message digest can be used with FIPS 186, Digital Signature Standard (DSS), to compute a signature for the message. The same message digest should be obtained by the verifier of the signature when the received version of the message is used as input to the Secure Hash Algorithm (SHA). -------------- Proposed Modification of the Secure Hash Algorithm In Section 7 of [1](page 9), the line which reads b) For t=16 to 79 let W(t) = W(t-3) XOR W(t-8) XOR W(t-14) XOR W(t-16). is to be replaced by b) For t=16 to 79 let W(t) = S1( W(t-3) XOR W(t-8) XOR W(t-14) XOR W(t-16) ). where S1 is a left circular shift by one bit as defined in Section 3 of [1](page 6), namely S1(X) = (X<<1) V (X>>31). ASCII translator's note : S1 is actually, S superscript 1. W(t-n) is actually, W subscript, t or t-n. References: [1] FIPS PUB 180; Secure Hash Standard Computer Systems Laboratory National Institute of Standards and Technology 1993 May 11 ___________________________________________________________________ Robert J. Perillo, CCP Computer Scientist Cerberus Systems Washington, DC ___________________________________________________________________