What are NIST Encryption Standards?
Learn about NIST’s encryption standards and why they matter
The National Institute of Standards and Technology is a US agency that supports the country’s economic and public welfare by providing leadership for the nation’s measurement and standards infrastructure. That’s basically a fancy way of saying it sets the standards for things like encryption as they pertain to non-classified government information, both in transit and at rest.
Granted, there are a lot of standards, or FIPS (Federal Information Processing Standards), but we’re really only concerned with the ones that pertain to encrypted data in motion, or more specifically, as they relate to SSL. Keep in mind, these standards aren’t binding, but they are recommended by the US Government for any and all non-classified data.
So let’s Hash Out the NIST standards for SSL data encryption.
What are NIST Encryption Standards for SSL?
As spelled out in NIST SP 800-175B, Section 3, NIST breaks its cryptographic standards into three categories:
- Cryptographic Hash Functions
- Symmetric Key Algorithms
- Asymmetric Key Algorithms
We’ve written about this before, but here’s a quick refresher:
A cryptographic hash function is really just a cryptographic method for mapping data to a fixed-length output. This provides a useful way of determining the integrity of a piece of data. Now, when we say integrity I’m not referring to someone with a firm moral compass, I just mean that the data hasn’t been altered or tampered with. Here’s an example: let’s say I’m using SHA-256 to hash a file. When I send the file I’ll send both the file itself and the unique hash value that was created when I hashed the data with SHA-256. Now, when you receive the data, you can perform the same hash function, and if the values match, the integrity of the data is intact. Keep in mind, even the smallest alteration to the data will result in a completely different hash value.
That leaves us with symmetric and asymmetric encryption. Both use algorithms to encrypt data; the difference comes in the decryption. Asymmetric encryption could also be called one-way encryption. The keys are different. You most commonly see this during the SSL handshake: a client will use a public key to encrypt a message that the server will then use its private key to decrypt. This is useful during authentication, but for the actual communication you’ll want to use something a bit more agile. That’s where symmetric encryption comes in. Symmetric encryption uses keys that can both encrypt and decrypt – it’s two-way encryption and it’s ideal for communication.
Ok, now that we’ve got a foundation, let’s get into the standards…
What are NIST Encryption Standards for Hash Functions?
FIPS 180 specifies the SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224 and SHA-512/256 hash functions. These are sometimes just known collectively as SHA-1 and SHA-2; the number following the hyphen denotes the length of the output. SHA-1 has been deprecated for the purposes of digital signatures, but may continue to be used for most other hashing purposes.
Additionally, FIPS 202 outlines the use of SHA-3 at the -224, -256, -384 and -512 output lengths. More guidance on the use of SHA-3 is forthcoming.
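The integrity check described above, worked through with the FIPS 180 (SHA-2) and FIPS 202 (SHA-3) functions that Python’s standard library exposes. This is an added example, not code from the original post; the "file" contents are constructed sample bytes.

```python
"""Added example (not from the original post): SHA-2 / SHA-3 file-integrity
check, using only the Python standard library."""
import hashlib
import hmac

# Constructed sample "file" contents; in practice you would read bytes from disk.
ORIGINAL = b"Quarterly report: revenue 1,250,000 USD\n"
TAMPERED = b"Quarterly report: revenue 1,350,000 USD\n"  # one digit changed

# FIPS 180 (SHA-2) and FIPS 202 (SHA-3) functions available in hashlib.
# The suffix is the digest length in bits, so the hex digest has bits/4 characters.
APPROVED_HASHES = {
    "sha256": hashlib.sha256,
    "sha384": hashlib.sha384,
    "sha512": hashlib.sha512,
    "sha3-256": hashlib.sha3_256,
    "sha3-512": hashlib.sha3_512,
}

def digest_hex(data: bytes, algo: str = "sha256") -> str:
    """Sender side: return the hex digest of `data` under an approved function."""
    return APPROVED_HASHES[algo](data).hexdigest()

def digest_bits(algo: str) -> int:
    """Output length in bits, derived from the digest size hashlib reports."""
    return APPROVED_HASHES[algo]().digest_size * 8

def verify_integrity(data: bytes, expected_hex: str, algo: str = "sha256") -> bool:
    """Receiver side: recompute the digest and compare it in constant time
    (hmac.compare_digest avoids leaking where the first mismatch occurs)."""
    return hmac.compare_digest(digest_hex(data, algo), expected_hex.lower())

def differing_bits(a_hex: str, b_hex: str) -> int:
    """Count how many output bits differ between two equal-length digests."""
    return bin(int(a_hex, 16) ^ int(b_hex, 16)).count("1")

if __name__ == "__main__":
    sent_hash = digest_hex(ORIGINAL)  # sender publishes this alongside the file
    print("received intact :", verify_integrity(ORIGINAL, sent_hash))  # True
    print("received altered:", verify_integrity(TAMPERED, sent_hash))  # False
    # One changed byte flips roughly half of the 256 output bits (avalanche effect).
    print("bits changed    :", differing_bits(sent_hash, digest_hex(TAMPERED)))
    for name in APPROVED_HASHES:
        print(f"{name:9s} -> {digest_bits(name)} bits, "
              f"{len(digest_hex(ORIGINAL, name))} hex chars")
```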
What are NIST Encryption Standards for Symmetric Key Algorithms?
Several classes of symmetric algorithms have been approved for use by the NIST, based on either block cipher algorithms or hash-based functions.
Block Cipher Algorithms
- Data Encryption Standard (DES)
- Triple Data Encryption Algorithm (TDEA or Triple DES)
- Advanced Encryption Standard (AES)
What are NIST Encryption Standards for Asymmetric Key Algorithms?
Asymmetric algorithms tend to be much bigger and more unwieldy than their symmetric counterparts. There are several asymmetric algorithms approved for use by NIST. They are:
- Digital Signature Algorithm (DSA)
- Elliptic Curve Digital Signature Algorithm (ECDSA)
What are NIST Encryption Standards for Algorithm Strength?
Algorithm strength is a crucial element in determining the overall strength of the encryption. Encryption strength is measured in terms of breakability – how difficult it would be for an attacker to break said encryption. The approved security strengths for federal applications are 112, 128, 192 and 256 bits. Previously, 80 bits was allowed, but that has since been found to be insecure.