Dec 16, 2022
Encryption / Data Security
The U.S. National Institute of Standards and Technology (NIST), an agency within the Department of Commerce, announced Thursday that it's formally retiring the SHA-1 cryptographic algorithm. SHA-1 , short for Secure Hash Algorithm 1, is a 27-year-old hash function used in cryptography and has since been deemed broken owing to the risk of collision attacks . While hashes are designed to be irreversible – meaning it should be impossible to reconstruct the original message from the fixed-length enciphered text – the lack of collision resistance in SHA-1 made it possible to generate the same hash value for two different inputs. In February 2017, a group of researchers from CWI Amsterdam and Google disclosed the first practical technique for producing collisions on SHA-1, effectively undermining the security of the algorithm. "For example, by crafting the two colliding PDF files as two rental agreements with different rent, it is possible to trick someone to create