LLMpediaThe first transparent, open encyclopedia generated by LLMs

FIPS 180-2

Generated by GPT-5-mini
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
Article Genealogy
Parent: SHA-256 Hop 4
Expansion Funnel Raw 1 → Dedup 0 → NER 0 → Enqueued 0
1. Extracted1
2. After dedup0 (None)
3. After NER0 ()
4. Enqueued0 ()
FIPS 180-2
TitleFIPS 180-2
StatusWithdrawn
OrganizationNational Institute of Standards and Technology
Published2002
Superseded byFIPS 180-4

FIPS 180-2 is a United States federal standard that specified the Secure Hash Standard (SHS), defining the cryptographic hash function family known as SHA-1 and its use in federal information processing. It was issued by the National Institute of Standards and Technology and adopted across agencies including the Department of Defense, the National Security Agency, and the Internal Revenue Service for integrity verification, digital signatures, and data authentication. The standard influenced international specifications and implementations in products from vendors such as IBM, Microsoft, and Oracle.

Overview

FIPS 180-2 codified the Secure Hash Algorithm SHA-1 and extended the original specification with additional message padding, processing, and test vectors used by implementers such as Sun Microsystems, Intel, and Hewlett-Packard. Major stakeholders included the United States Postal Service, the Federal Aviation Administration, and the Securities and Exchange Commission, which relied on SHA-1 for legacy systems alongside cryptographic suites specified in NIST publications and by the Institute of Electrical and Electronics Engineers. The standard defined input/output behavior that affected protocols like Secure Sockets Layer, Internet Protocol Security, and S/MIME as implemented by Cisco Systems and Nortel.

Historical development and revisions

FIPS 180-2 was published as a revision to earlier federal work influenced by research at the National Security Agency and proposals reviewed by advisory groups including the Computer Security Resource Center and the Federal Information Processing Standards Program. Its development reflected lessons from cryptanalytic results reported by academic groups at the University of California, Stanford University, and the École Normale Supérieure, and practical pressures from vendors such as RSA Security and VeriSign. Subsequent cryptanalytic advances by teams at Shandong University, the École Polytechnique, and the Technische Universität contributed to the creation of successors and updates by NIST and influenced standards bodies like the International Organization for Standardization and the Internet Engineering Task Force.

Technical specifications

FIPS 180-2 specifies the SHA-1 compression function, message scheduling, word operations, and initial constants used in implementations by SunOS, Windows NT, and Linux kernels, and in hardware modules by AMD and ARM. The standard details block size, message padding, and output size that became part of implementations in OpenSSL, GnuTLS, and Bouncy Castle libraries used by Apache Software Foundation projects, Mozilla products, and Google services. Test vectors and example computations in FIPS 180-2 guided firmware developers at Broadcom and Qualcomm and were referenced in certification efforts with Common Criteria and Federal Information Processing Validation programs.

Security analysis and cryptographic impact

Cryptanalysis of SHA-1 documented by researchers at Shanghai Jiao Tong University, the Centrum Wiskunde & Informatica, and the Tel Aviv University identified collision vulnerabilities that reduced the effective security below intended levels, prompting guidance from the National Institute of Standards and Technology and advisories by the Computer Emergency Response Team. High-profile demonstrations and published attacks influenced migration plans at organizations such as the European Central Bank, the Bank of England, and the International Monetary Fund, and accelerated adoption of SHA-2 family algorithms recommended in later NIST publications and standards referenced by the World Wide Web Consortium and the Internet Engineering Task Force.

Implementation and compliance

Implementers seeking FIPS 180-2 compliance included vendors seeking Federal Information Processing Standards validation under programs administered by NIST and labs accredited by the American National Standards Institute and the National Voluntary Laboratory Accreditation Program. Integrations into tokenization products by Gemalto, smart card deployments by Infineon, and certificate services by Entrust required adherence to module testing and conformance suites used by the Department of Commerce and contracting entities like Booz Allen Hamilton. Migration guidance for compliance came from coordination among standards bodies including the American Institute of Certified Public Accountants and the Institute of Electrical and Electronics Engineers.

FIPS 180-2 is part of a lineage that includes its predecessor and successor federal publications as well as related specifications such as the SHA-2 and SHA-3 families standardized by NIST, algorithms adopted into ISO/IEC standards, and protocols in RFCs produced by the Internet Engineering Task Force. The evolution influenced product roadmaps at Microsoft, Apple, and Red Hat and guided cryptographic policy in institutions including the World Bank, NATO, and the United Nations while informing academic curricula at institutions such as Massachusetts Institute of Technology and Carnegie Mellon University.

Category:Federal Information Processing Standards