Learn about NIST’s encryption standards and why they matter
The National Institute of Standards and Technology is an organization aimed at helping US economic and public welfare issues by providing leadership for the nation’s measurement and standards infrastructure. That’s basically a fancy way of saying they set the standards for things like encryption as it pertains to non-classified government information both in transit and in rest.
Granted, there are a lot of standards, or FIPS, Federal Information Processing Standards, we’re really only concerned with the ones that pertain to encrypted data in motion, or more specifically, as they relate to SSL. Keep in mind, these standards aren’t binding. But they are suggested by the US Government for any and all non-classified data.
So let’s Hash Out the NIST standards for SSL data encryption.
What are NIST Encryption Standards for SSL?
As spelled out in NIST SP 800-175B, Section 3, NIST breaks its cryptographic standards into three categories:
- Cryptographic Hash Functions
- Symmetric Key Algorithms
- Asymmetric Key Algorithms
We’ve written about this before, but here’s a quick refresher:
A cryptographic hash function is really just a cryptographic method for mapping data to a fixed-length output. This provides a useful way for determining the integrity of a piece of data. Now, when we say integrity I’m not referring to someone with a firm moral compass, I just mean that the data hasn’t been altered or tampered with. Here’s an example, let’s saying I’m using SHA-256 to hash a file. When I send the file I’ll send both the file itself, and the unique hash value that was created when I hashed the data with SHA-256. Now, when you receive the data, you can perform the same hash function and if the values match, the integrity of the data is in tact. Keep in mind, even the smallest alteration to the data will result in a completely different hash value.
That leaves us with symmetric and asymmetric encryption. Both use algorithms to encrypt data, the difference comes in the decryption. Asymmetric encryption could also be called one-way encryption. The keys are different. You most commonly see this during the SSL handshake, a client will use a public key to decrypt a message that the server will use its private key to decrypt. This is useful during authentication, but for the actual communication you’ll want to use something a bit more agile. That’s where symmetric encryption comes in. Symmetric encryption uses keys that can both encrypt and decrypt – it’s two-way encryption and it’s ideal for communication.
Ok, now that we’ve got a foundation, let’s get into the standards…
What are NIST Encryption Standards for Hash Functions?
FIPS 180 specifies the SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224 and SHA-512/256 hash functions. These are sometimes just known as SHA-1 and SHA-2, the number following the hyphen denotes the length of the output. SHA-1 has been deprecated for the purposes of digital signatures, but may continue to be used for the majority of other hash functions.
Additionally, FIPS 202 outlines the use of SHA-3 at the -224, -256, -384 and -512 output lengths. More guidance on the use of SHA-3 is forthcoming.
What are NIST Encryption Standards for Symmetric Key Algorithms?
Several classes of symmetric algorithms have been approved for use by the NIST, based on either block cipher algorithms or hash-based functions.
Block Cipher Algorithms
- Data Encryption Standard (DES)
- Triple Data Encryption Algorithm (TDEA or Triple DES)
- Advanced Encryption Standard (AES)
What are NIST Encryption Standards for Asymmetric Key Algorithms?
Asymmetric algorithms tend to be much bigger and more unwieldy than their symmetric counterparts. There are several asymmetric algorithms approved for use by NIST. They are:
- Digital Signature Algorithm (DSA)
- Elliptic Curve Digital Signature Algorithm (ECDSA)
What are NIST Encryption Standards for Algorithm Strength?
Algorithm strength is crucial element in determining the overall strength of the encryption. Encryption strength is measured in terms of breakability – how difficult would it be for an attacker to break said encryption. The approved security strengths for federal applications are 112, 128, 192 and 256. Previously, 80-bits was allowed but that has since been found to be insecure.