Hash contest moves on to mass free-for-all
Published: 2008-12-22

The National Institute of Standards and Technology (NIST) last week published a list of 51 submissions that made the initial cut in the competition to become the next secure hashing standard for the United States.

The contest seeks to find a strong replacement for the current family of hash functions, some of which have been shown to be cryptographically weaker than originally thought. The teams first submitted their proposals to the government agency at the end of October. The list, published last week, represents those proposals that satisfied the government baseline criteria.

The next step for the teams behind the submissions: Cracking the other algorithms. The best chance for each team's hashing proposal will be to find flaws in the other submissions. Already, three of the 51 teams have acknowledged that there are weaknesses in their proposal, according to NIST's Web site.

Hash algorithms are very important functions in computer security. The algorithms can reduce a large data file -- such as a Word document or e-mail message -- to a simple, if sometimes long, number that can be used to identify the data, in the same way that fingerprints are used to identify humans. A good hash function gives a completely different result if the original file is changed even slightly. A variety of encryption and security functions use hashes, from integrity checks to digital signatures.

Researchers have found practical attacks against older hash functions known as MD4 and SHA-0, demonstrating the ability to generate "collisions," ways of creating two data files that result in the same hash. By forcing a collision, an attacker could, for example, create a modified version of a contract that appears to match -- according to the hash -- the original digitally-signed document. Some weaknesses have been found in a more recent hashing algorithm, known as SHA-1. And, while no practical attacks have been found against the current secure standard, SHA-2, NIST is not waiting to find a replacement.
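
To make the two properties described above concrete, here is an added example (not part of the original article). It counts how many SHA-256 output bits change when one character of a message changes, then finds a collision on a deliberately weakened 24-bit hash. The function names, the sample contract text and the 24-bit truncation are assumptions made for the demonstration.

```python
import hashlib
from itertools import count


def bits_changed(a: bytes, b: bytes) -> int:
    """Count differing bits between the SHA-256 digests of a and b."""
    da, db = hashlib.sha256(a).digest(), hashlib.sha256(b).digest()
    return sum(bin(x ^ y).count("1") for x, y in zip(da, db))


def weak_hash(data: bytes, nbytes: int = 3) -> bytes:
    """Deliberately weak hash for the demo: SHA-256 cut to nbytes (24 bits)."""
    return hashlib.sha256(data).digest()[:nbytes]


def find_collision(doc_a: bytes, doc_b: bytes, nbytes: int = 3):
    """Birthday search: append counters to two different documents until a
    variant of each shares the same weak_hash. Returns (variant_a, variant_b)."""
    seen = {}  # weak digest -> variant of doc_a that produced it
    for i in count():
        tag = b" #" + str(i).encode()
        seen[weak_hash(doc_a + tag, nbytes)] = doc_a + tag
        variant_b = doc_b + tag
        match = seen.get(weak_hash(variant_b, nbytes))
        if match is not None:
            return match, variant_b


# Constructed sample documents (not from the article).
ORIGINAL = b"Contract: pay Alice $100"
MODIFIED = b"Contract: pay Alice $900"

if __name__ == "__main__":
    # One changed character flips roughly half of the 256 output bits.
    print("bits changed:", bits_changed(ORIGINAL, MODIFIED), "of 256")

    a, b = find_collision(ORIGINAL, MODIFIED)
    print(a, b, weak_hash(a).hex(), weak_hash(b).hex())
    # The full-length digest still tells the two documents apart.
    print(hashlib.sha256(a).hexdigest() != hashlib.sha256(b).hexdigest())
```

A 24-bit digest falls to a few thousand attempts, while an n-bit hash with no structural shortcuts needs about 2^(n/2) attempts, which is why both output length and resistance to cryptanalysis matter when a signature is computed over the hash.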

The federal agency will host a conference at the end of February to discuss the field of hash proposals. By 2010, NIST aims to whittle the field down to a dozen or so contenders, and plans to hold a second conference.

If you have tips or insights on this topic, please contact SecurityFocus.



Posted by: Robert Lemos
Copyright 2009, SecurityFocus