I work in an organization that must meet FISMA requirements for FIPS-enabled systems. One of the thing that I am trying to do is implement a hash algorithm for our passwords. I have many choice on this: SHA-2, MD5, bcrypt (with Blowfish), RIPE, etc.
Reading through the various NIST publication, there is NOTHING that FISMA stated that I must use a specific algorithm to meet their requirements.
However, FIPS 180-4 specifies WHICH hash algorithm is considered secure according to FISMA, which is SHA-1 to SHA-512/256. NIST SP 800-132 also recommend the use of PBKDS2.
So does this mean that:
a). I HAVE to use SHA for the hash algorithm to pass the FISMA audit / requirements?
…OR…
b). I CAN use any algorithm as long as it is BETTER than SHA? I.e. don’t use MD5, but bcrypt or RIPE is OK.
Yes, you have to use SHA. SP 800-53 references FIPS 140-2 all over the place, implying that you must use SHA-256 or SHA-512. (Avoid SHA-1).
It’s spelled out clearly in the MEMORANDUM FOR HEADS OF EXECUTIVE DEPARTMENTS AND AGENCIES from the Executive Office of the President:
(And think about it. NIST didn’t publish SHA as a standard so that you could go and use something else instead…)
Also, SHA and Bcrypt aren’t really directly comparable. SHA is a set of hashing algorithms. Bcrypt is more of a process to produce a hash with the Blowfish algorithm at its core. The FIPS equivalent of Bcrypt is PBKDF2, which uses SHA as its core algorithm.