Hashing affects signatures, integrity checks, KDFs, random generation, and protocol transcripts. Choose the digest deliberately.
This page explains SHA-2, SHA-3, and SHAKE with practical selection rules.
Structured answer sets in this page tree.
Cited legal and guidance references.
FIPS 180-4, published in August 2015, specifies the Secure Hash Standard and includes SHA-1 and the SHA-2 family. FIPS 202, also published in August 2015, specifies SHA-3 and the XOFs SHAKE128 and SHAKE256. FIPS 202 explicitly says SHA-3 supplements the functions in FIPS 180-4 and that the two standards together provide resilience because they rely on different design principles. The engineering challenge is choosing the right digest or XOF for the actual use case and then keeping those choices stable across implementations and time.
FIPS 180-4 covers SHA-1 and the SHA-2 family: SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, and SHA-512/256. It says either FIPS 180-4 or FIPS 202 must be implemented wherever a secure hash algorithm is required for Federal applications.
FIPS 202 covers SHA3-224, SHA3-256, SHA3-384, SHA3-512, and the XOFs SHAKE128 and SHAKE256. It also defines the underlying Keccak-based structure and makes clear that the XOFs are different from fixed-output hash functions.
SHAKE128 and SHAKE256 are approved XOFs under FIPS 202, but the standard says their approved uses are specified in NIST Special Publications. That matters because they are not simply drop-in replacements for every hash use case.
Because output length is variable, teams have to pin output length and context explicitly. Otherwise, related outputs can create protocol or interoperability surprises.
Hash functions are part of signature-system interoperability, not just internal plumbing. FIPS 186-5 references both FIPS 180 and FIPS 202 because digest choice affects signature validity, verification behavior, and security strength.
The same problem appears in protocols. If one side upgrades or switches digests without explicit agreement, verification and transcript handling can fail.
Hashing is easy to implement and easy to get subtly wrong. Reviewers will want to know where each hash or XOF is used, which parameters are allowed, and how mismatch or downgrade is prevented.
A strong evidence pack makes those answers obvious.
Research Copilot can take FIPS Crypto Algorithms Secure hash from getting cited answers and faster research on this topic to a reusable workflow inside Sorena. Teams working on FIPS Crypto Algorithms can keep owners, evidence, and next steps aligned without copying this guide into separate documents.
Start from FIPS Crypto Algorithms Secure hash and answer scope, timing, and interpretation questions with cited outputs.
Review your current process, evidence gaps, and next steps for FIPS Crypto Algorithms Secure hash.