Goodbye SHA-1: NIST Retires 27-Year-Old Widely Used Cryptographic Algorithm
Dec 16, 2022
Encryption / Data Security
The U.S. National Institute of Standards and Technology (NIST), an agency within the Department of Commerce, announced Thursday that it's formally retiring the SHA-1 cryptographic algorithm. SHA-1 , short for Secure Hash Algorithm 1, is a 27-year-old hash function used in cryptography and has since been deemed broken owing to the risk of collision attacks . While hashes are designed to be irreversible – meaning it should be impossible to reconstruct the original message from the fixed-length enciphered text – the lack of collision resistance in SHA-1 made it possible to generate the same hash value for two different inputs. In February 2017, a group of researchers from CWI Amsterdam and Google disclosed the first practical technique for producing collisions on SHA-1, effectively undermining the security of the algorithm. "For example, by crafting the two colliding PDF files as two rental agreements with different rent, i...