9-7.4 Cryptographic Hash Function

A cryptographic hash function is an algorithm that takes an arbitrary block of data and returns a fixed-size bit string, the hash value, such that any change to the data (accidental or intentional) will, with very high probability, change the hash value. The data to be encoded is often called the “message,” and the hash value is sometimes called the message digest. The ideal cryptographic hash function must have the following significant properties:

  1. It is easy to compute the hash value for any given message.
  2. It is infeasible to generate a message that has a given hash.
  3. It is infeasible to modify a message without changing the hash.
  4. It is infeasible to find two different messages with the same hash.

The Postal Service cryptographic hash standard is SHA-2 (SHA-256). Older algorithms (e.g., SHA-1) maintained by commercial products and applications used and developed by the Postal Service may continue to be supported, since they may be required to validate digital signatures executed in the past and to decrypt objects encrypted in the past using the older algorithms and key sizes. These cases must show acceptable effort toward migration to the standard algorithms identified in this policy and must receive an exception waiver from the CISO. In addition, it is recommended that:

  1. A salt value is always used with the hash. This is especially important if the sensitive data to be protected is short, such as a password, social security number, or payment card number.
  2. A strong salt value is always used when creating a credential hash. A salt is a fixed-length, cryptographically strong random value. Follow these practices to properly implement credential-specific salts:
    1. Generate a unique salt upon creation of each stored credential (not merely per user or system-wide).
    2. Use cryptographically strong random data.
    3. As storage permits, use a 32-byte or 64-byte salt.
  3. The Salt value should be protected as any other cryptographic value.
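The salting practices above (items 1 and 2), as an added Python example that is not part of this policy: a salted SHA-256 hash for short sensitive data, and a per-credential salt for password storage. Assumptions: the salt is drawn from `os.urandom` (32 bytes, per item 2.3), and the credential hash uses PBKDF2 with HMAC-SHA-256, a standard key-derivation construction over SHA-256 that is stronger than a bare salted hash for passwords; the iteration count is an assumed placeholder to be tuned per deployment.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

SALT_BYTES = 32              # policy recommends a 32- or 64-byte salt as storage permits
PBKDF2_ITERATIONS = 600_000  # assumed value; tune to the deployment's hardware budget


def new_salt() -> bytes:
    """Cryptographically strong random salt, generated fresh for each stored value."""
    return os.urandom(SALT_BYTES)


def salted_sha256(data: bytes, salt: bytes) -> bytes:
    """Salted SHA-256 for short sensitive data (item 1), e.g. an account number."""
    return hashlib.sha256(salt + data).digest()


def hash_credential(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest) for a credential (item 2).

    A new salt is drawn per stored credential, never per user or system-wide.
    PBKDF2-HMAC-SHA256 is an assumption of this example, not named by the policy.
    """
    if salt is None:
        salt = new_salt()
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_credential(password: str, salt: bytes, stored_digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = hash_credential(password, salt)
    return hmac.compare_digest(candidate, stored_digest)


def demo() -> dict:
    """Constructed sample: the same secret stored twice gets distinct salts and digests."""
    pw = "constructed-sample-password"
    salt_a, digest_a = hash_credential(pw)
    salt_b, digest_b = hash_credential(pw)
    record = b"123-45-6789"  # constructed sample value, not a real identifier
    h1 = salted_sha256(record, salt_a)
    h2 = salted_sha256(record, salt_b)
    return {
        "salt_len": len(salt_a),
        "salts_differ": salt_a != salt_b,
        "credential_digests_differ": digest_a != digest_b,
        "record_hashes_differ": h1 != h2,
        "verify_ok": verify_credential(pw, salt_a, digest_a),
        "verify_wrong": verify_credential(pw + "x", salt_a, digest_a),
    }
```

Without a unique salt, two records holding the same short value would hash identically, which is exactly the pattern item 1 warns against.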