Security News > 2022 > December > Goodbye SHA-1: NIST Retires 27-Year-Old Widely Used Cryptographic Algorithm

Goodbye SHA-1: NIST Retires 27-Year-Old Widely Used Cryptographic Algorithm
2022-12-16 07:39

The U.S. National Institute of Standards and Technology, an agency within the Department of Commerce, announced Thursday that it's formally retiring the SHA-1 cryptographic algorithm.

SHA-1, short for Secure Hash Algorithm 1, is a 27-year-old hash function used in cryptography and has since been deemed broken owing to the risk of collision attacks.

In February 2017, a group of researchers from CWI Amsterdam and Google disclosed the first practical technique for crafting collisions on SHA-1, effectively undermining the security of the algorithm.

The cryptanalytic attacks on SHA-1 prompted NIST in 2015 to mandate federal agencies in the U.S. to stop using the algorithm for generating digital signatures, timestamps, and other applications that require collision resistance.

According to NIST's Cryptographic Algorithm Validation Program, which curates a list of approved cryptographic algorithms, there are 2,272 libraries that have been accredited since January 2018 and still support SHA-1.

Besides urging users to rely on the algorithm to migrate to SHA-2 or SHA-3 for securing electronic information, NIST is also recommending for SHA-1 be entirely phased out by December 31, 2030.


News URL

https://thehackernews.com/2022/12/goodbye-sha-1-nist-retires-27-year-old.html