Security News > 2022 > December > NIST says you better dump weak SHA-1 ... by 2030

NIST says you better dump weak SHA-1 ... by 2030
2022-12-16 02:28

As soon as possible isn't necessarily all that soon: NIST says you should be rid of SHA-1 from your software and systems by December 31, 2030.

SHA-1 is among seven hash algorithms approved for use in the Federal Information Processing Standard 180-4.

NIST intends to update SP 800-131A and other relevant NIST publications to reflect the retirement of SHA-1.

A SHA-1 hash is made by mapping a message of arbitrary length to a fixed-length message digest consisting of 160 bits, typically represented by 40 hexadecimal digits.

NIST deprecated SHA-1 in 2011 and disallowed its use in digital signature creation and verification with limited exceptions in 2013 as a result of a theoretical collision attack described in 2005 that became practical in 2017 [PDF].

NIST's Cryptographic Algorithm Validation Program, which validates cryptographic algorithms for vendors, includes 2,272 cryptographic modules validated in the past five years that still support SHA-1.


News URL

https://go.theregister.com/feed/www.theregister.com/2022/12/16/nist_sets_sha1_retirement_date/