In the United States government use,
you want to be on the FIPS (Federal Information Processing Standards) list
of acceptable algorithms. From an open standard perspective you would
also want to have at least one algorithm which is unencumbered by patents.
According to http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf
the FIPS hash algorithms are: SHA-1, SHA-256, SHA-384, and SHA-512
-Rob
Patrick Durusau <patrick@durusau.net> wrote
on 11/28/2006 06:29:31 AM:
> David,
>
> David Faure wrote:
>
> >On Tue Nov 28 2006, Patrick Durusau wrote:
> >
> >
> >>Shouldn't encryption of the password be considered as application
specific?
> >>
> >>
> >
> >This would simply kill interoperability. Why don't we standardize
> the hash function instead?
> >
> >
> >
> Sure, but we did not even specify a choice of hash functions in the
> current version.
>
> So, specifying what must/should be supported will enhance
> interoperability but would be more restrictive than our prior statements
> on this issue.
>
> Does anyone know if the list of hash functions posted by Florian
> (thanks!) would be considered sufficient by government agencies? Or
common?
>
> Hope everyone is having a great day!
>
> Patrick
>
> --
> Patrick Durusau
> Patrick@Durusau.net
> Chair, V1 - Text Processing: Office and Publishing Systems Interface
> Co-Editor, ISO 13250, Topic Maps -- Reference Model
> Member, Text Encoding Initiative Board of Directors, 2003-2005
>
> Topic Maps: Human, not artificial, intelligence at work!
>
>