Hashing algorithm that meet FISMA / other federal informations systems requirements

Question

I work in an organization that must meet FISMA requirements for FIPS-enabled systems. One of the thing that I am trying to do is implement a hash algorithm for our passwords. I have many choice on this: SHA-2, MD5, bcrypt (with Blowfish), RIPE, etc.

Reading through the various NIST publication, there is NOTHING that FISMA stated that I must use a specific algorithm to meet their requirements.

However, FIPS 180-4 specifies WHICH hash algorithm is considered secure according to FISMA, which is SHA-1 to SHA-512/256. NIST SP 800-132 also recommend the use of PBKDS2.

So does this mean that: a). I HAVE to use SHA for the hash algorithm to pass the FISMA audit / requirements?

...OR...

b). I CAN use any algorithm as long as it is BETTER than SHA? I.e. don't use MD5, but bcrypt or RIPE is OK.

Answer 1

How about both? Hash/salt your passwords using bcrypt to take advantage of its work factor features to provide future-proofing against massively parallel brute force attacks. Then SHA-512 the result from bcrypt and store that.

You get your protection from bcrypt, and you check the FISMA/FIPS box because you're storing a hash generated with their accepted algorithm.

Even if someone could brute-force SHA-512 to find an input that generates the same hash you've got stored in the database, that input isn't a working password that can log a user into the system.

Answer 2

Yes, you have to use SHA. SP 800-53 references FIPS 140-2 all over the place, implying that you must use SHA-256 or SHA-512. (Avoid SHA-1).

It's spelled out clearly in the MEMORANDUM FOR HEADS OF EXECUTIVE DEPARTMENTS AND AGENCIES from the Executive Office of the President:

11. Is use of National Institute of Standards and Technology (NIST) publications required?

Yes. For non-national security programs and information systems, agencies must follow NIST standards and guidelines. ...

12. Are NIST guidelines flexible?

Yes. While agencies are required to follow NIST standards and guidelines in accordance with OMB policy, there is flexibility within NIST’s guidelines (specifically in the 800-series) in how agencies apply them. However, Federal Information Processing Standards (FIPS) are mandatory. ...

(And think about it. NIST didn't publish SHA as a standard so that you could go and use something else instead...)

Also, SHA and Bcrypt aren't really directly comparable. SHA is a set of hashing algorithms. Bcrypt is more of a process to produce a hash with the Blowfish algorithm at its core. The FIPS equivalent of Bcrypt is PBKDF2, which uses SHA as its core algorithm.