14

When NIST introduced SHA-0 in 1993, they – for the first time – switched their naming convention from MD-n to SHA-n. Since both point to similar constructions (read: hashing algorithms with the same cryptographic goals), I am wondering why NIST chose to change the naming from „Message Digest“ to „Secure Hashing Algorithm“. A look around didn’t return useful information related to this.

Was there a specific reason to change the existing naming convention? Does it in some way indicate that there was a change in cryptographic goals (and if so, which ones) or was it simply the result of a standardization decision, potentially based on terminological changes within NIST definitions?

In case there’s an official statement explaining this change in naming convention, I’d also appreciate a pointer to it for reference purposes.

e-sushi

1 Answer

26

> When NIST introduced SHA-0 in 1993, they – for the first time – switched their naming convention from MD-n to SHA-n

Actually, MD-n was not NIST's naming convention; it was the naming convention of RSA Security (a private company). Before SHA (which was the original name; SHA-0 is retroactive terminology given to distinguish the original proposal from what was finally adopted: SHA-1), NIST didn't define any hash functions.

poncho
  • 4
    Easy demonstration with MD6, which was designed by Rivest et al. (like all MDn). It was submitted for SHA-3, but was "not yet ready to be a candidate for SHA-3 because of speed issues". – Ruben De Smet Mar 14 '18 at 17:42
  • (Possibly off-topic) What actually happened with MD6 after Keccak was chosen? The Wikipedia page says it got fixed back up, but I can find no widespread implementations of it, or mentions of any further changes to it in the last few years. Has it been essentially abandoned in favor of the formally accepted SHA-3? – Ti Strga Mar 14 '18 at 22:07
  • @TiStrga: I haven't heard of anyone using it. – poncho Mar 14 '18 at 22:57
  • 3
    @TiStrga There's no reason for anyone to bother with MD6 given that SHA-2 is still fine, BLAKE2 is faster, and SHA-3 is now standard. We already have too many good standard options! – Squeamish Ossifrage Mar 15 '18 at 02:28
  • @SqueamishOssifrage I prefer to think there's no such thing as "too many good standard options" because otherwise I'd have to question the reasoning for SHA-3's existence. ;) – e-sushi Mar 15 '18 at 14:00
  • Yeah, I'm fine with saying "there's no need for it now that we have all these other good choices," but I dunno about "too many options". Having an embarrassment of riches is never a bad thing when it comes to provably-good crypto. :-) Thanks all for your responses! – Ti Strga Mar 15 '18 at 15:05