Goodbye SHA-1: NIST Retires 27-Year-Old Widely Used Cryptographic Algorithm

Dec 16, 2022Ravie LakshmananEncryption / Data Security

The U.S. National Institute of Standards and Technology (NIST),
an agency within the Department of Commerce, announced ^[1]
Thursday that it’s formally retiring the SHA-1 cryptographic
algorithm.

SHA-1 ^[2], short for Secure Hash
Algorithm 1, is a 27-year-old hash function ^[3]
used in cryptography and has since been deemed ^[4]
broken ^[5]
owing to the risk of collision attacks ^[6].

While hashes are designed to be irreversible – meaning it should
be impossible to reconstruct the original message from the
fixed-length enciphered text – the lack of collision resistance in
SHA-1 made it possible to generate the same hash value for two
different inputs.

In February 2017, a group of researchers from CWI Amsterdam and
Google disclosed ^[7]
the first practical technique for crafting collisions on SHA-1,
effectively undermining the security of the algorithm.

“For example, by crafting the two colliding PDF files as two
rental agreements with different rent, it is possible to trick
someone to create a valid signature for a high-rent contract by
having him or her sign a low-rent contract,” the researchers
said ^[8] at the time.

The cryptanalytic attacks on SHA-1 prompted ^[9]
NIST in 2015 to mandate federal agencies in the U.S. to stop using
the algorithm for generating digital signatures, timestamps, and
other applications that require collision resistance.

According to NIST’s Cryptographic Algorithm Validation Program
(CAVP ^[10]), which curates a list
of approved cryptographic algorithms, there are 2,272 libraries ^[11] that have been
accredited since January 2018 and still support SHA-1.

Besides urging users to rely on the algorithm to migrate to
SHA-2 or SHA-3 for securing electronic information, NIST is also
recommending for SHA-1 be entirely phased out by December 31,
2030.

“Modules that still use SHA-1 after 2030 will not be permitted for purchase ^[12] by the federal
government,” NIST computer scientist Chris Celi said. “Companies
have eight years to submit updated modules that no longer use
SHA-1.”

Found this article interesting? Follow us on Twitter ^[13] and LinkedIn ^[14] to read more exclusive
content we post.

References

^{^}
announced
(www.nist.gov)
^{^}
SHA-1
(en.wikipedia.org)
^{^}
hash
function (en.wikipedia.org)
^{^}
deemed
(www.schneier.com)
^{^}
broken
(csrc.nist.gov)
^{^}
collision attacks
(en.wikipedia.org)
^{^}
disclosed
(security.googleblog.com)
^{^}
said
(shattered.it)
^{^}
prompted
(csrc.nist.gov)
^{^}
CAVP
(csrc.nist.gov)
^{^}
2,272
libraries (csrc.nist.gov)
^{^}
permitted for purchase
(csrc.nist.gov)
^{^}
Twitter 
(twitter.com)
^{^}
LinkedIn
(www.linkedin.com)