NIST Retires SHA-1 Cryptographic Algorithm After 27 Years

The SHA-1 hash algorithm has been retired by NIST (National Institute of Standards and Technology), an official U.S. government body, that now recommends anyone still using it to upgrade to newer and stronger ciphers like SHA-2 and SHA-3.

First published in 1995 by NIST, the SHA-1 cipher became one of the most widely used tools for encrypting sensitive data online, including user passwords, documents, messages, and more.

Encryption is a “structured scrambling” of data to prevent unauthorized individuals from reading it, allowing only those holding a valid decryption key to access it.

For example, VPN programs and secure instant messaging apps use end-to-end asymmetric encryption involving a public and a private key to scramble network traffic data and messages, respectively, addressing the risk of man-in-the-middle attacks.

One iteration within the SHA-1 compression function
Wikipedia

Even if a threat actor manages to snoop on the data channels of these apps, they won’t be able to decipher the captured data, and so the breach won’t have any adverse effect.

The problem with encryption algorithms is that they can be broken, and one way to do this is by employing raw computer power to guess the decryption key.

For strong enough ciphers, attempting to break them using modern-day processors is impractical, but older algorithms can be easily brute-forced.

Until 2005, the SHA-1 was generally considered secure “against well-funded opponents,” but as of 2010, organizations were already moving to newer and more robust algorithms.

In 2017, all major web browsers stopped accepting SHA-1

Read more

Explore the site

More from the blog

Latest News