NIST to Retire 27-Year-Old SHA-1 Cryptographic Algorithm

The US National Institute of Standards and Technology (NIST) this week recommended that IT professionals replace the SHA-1 cryptographic algorithm with newer, more secure ones.

The first widely used method of securing electronic information and in use since 1995, SHA-1 is a slightly modified version of SHA, or ‘secure hash algorithm’, the very first standardized hash function.

According to NIST, SHA-1 ‘has reached the end of its useful life’, given that the high computing capabilities of today’s systems can easily attack the algorithm.

“NIST is announcing that SHA-1 should be phased out by Dec. 31, 2030, in favor of the more secure SHA-2 and SHA-3 groups of algorithms,” the agency within the Department of Commerce announced.

Used as the foundation of numerous security applications, including validating websites, SHA-1 secures information by generating a hash – a short string of characters resulting from a complex math operation performed on the characters of a message.

While the original message cannot be reconstructed from the hash alone, a recipient can use the hash to check whether the original message has been compromised.

The main threat to SHA-1 is the fact that today’s powerful computers can create two messages that lead to the same hash, potentially compromising an authentic message – the technique is referred to as a ‘collision’ attack.

The cost of launching collision attacks against SHA-1 has decreased significantly in recent years, and tech giants such as Google, Facebook, Microsoft and Mozilla have taken steps to move away from the cryptographic algorithm. Certificate authorities stopped issuing certificates using SHA-1 as of January 1, 2017.

NIST, which previously recommended that federal agencies stop using SHA-1 for creating digital signatures and for other operations threatened by collision attacks, will stop using SHA-1 by December 31, 2030.

By then, NIST will publish the Federal Information Processing Standard (FIPS) 180-5, a revision of FIPS 180 that removes the SHA-1 specification. It will also revise SP 800-131A and other publications to reflect SHA-1 withdrawal, and will create and publish a transition strategy for validating cryptographic modules and algorithms, as part of its Cryptographic Module Validation Program (CMVP).

“Modules that still use SHA-1 after 2030 will not be permitted for purchase by the federal government. Companies have eight years to submit updated modules that no longer use SHA-1. Because there is often a backlog of submissions before a deadline, we recommend that developers submit their updated modules well in advance, so that CMVP has time to respond,” NIST computer scientist Chris Celi said.

Related: NIST Releases New macOS Security Guidance for Organizations

Related: Is OTP a Viable Alternative to NIST’s Post-Quantum Algorithms?

Related: NIST Post-Quantum Algorithm Finalist Cracked Using a Classical PC