NIST Retires Vulnerable SHA-1 Cryptographic Hash Algorithm

The SHA algorithm, whose initials stand for “secure hash algorithm”, was one of the first widely used security measures for protecting electronic information. SHA-1 has been a building block for securing many applications as well as for validating websites: when a user loads a web page, the browser could trust with confidence that the content from the requested source is genuine. SHA applies complex mathematical operations to a string of characters and produces a short string of characters called a hash. It is difficult to recover the original message from the generated hash, but the hash lets the recipient check whether the received message is genuine. A tampered message produces a completely different hash value, telling the recipient that the received message does not match and may have been compromised.

With today’s computers increasingly powerful at attacking the algorithm, security experts at the National Institute of Standards and Technology (NIST) have stated that SHA-1 is reaching the end of its useful life. NIST is announcing that SHA-1 should be phased out by December 31, 2030, in favor of the more secure SHA-2 and SHA-3 algorithm groups. The once widely used algorithm is now easy to crack, making it unsafe to use in security contexts. NIST deprecated SHA-1 in 2011 and disallowed its use for creating or verifying digital signatures in 2013.


“We recommend that anyone relying on SHA-1 for security migrate to SHA-2 or SHA-3 as soon as possible,”

- Chris Celi, Computer Scientist, National Institute of Standards and Technology


It has become easy to create a fraudulent message that produces the same hash as the original, authentic message. This is known as a “collision” attack, and it has made it easy to undermine the SHA-1 algorithm in recent years. While hashing is supposed to be one-way and not reversible, attackers have taken SHA-1 hashes of common strings and stored them in lookup tables, making it trivial to launch dictionary-based attacks. SHA-1 has been on its way out for years: major web browsers stopped supporting digital certificates based on SHA-1 in 2017, and Microsoft dropped SHA-1 from Windows Update in 2020. But there are still legacy applications that support SHA-1.
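As an added illustration (not part of NIST's announcement or this article), the following Python sketches the migration the page recommends: it classifies algorithm labels as approved (SHA-2, SHA-3) or retired (SHA-1), refuses to compute or verify new digests with SHA-1, and audits a constructed inventory of stored digests. The function names and the rule that an unlabelled 40-hex-character digest is treated as SHA-1 are assumptions of this example.

```python
import hashlib
import hmac

# Hash families NIST recommends migrating to (SHA-2 and SHA-3) in hashlib's
# spelling, beside the algorithm being withdrawn.
APPROVED = {"sha224", "sha256", "sha384", "sha512",          # SHA-2 family
            "sha3_224", "sha3_256", "sha3_384", "sha3_512"}  # SHA-3 family
RETIRED = {"sha1"}

def _canonical(label: str) -> str:
    """Normalise 'SHA-256', 'sha256' or 'SHA3-256' to hashlib's spelling."""
    key = label.lower().replace("-", "").replace("_", "")
    for name in APPROVED | RETIRED:
        if name.replace("_", "") == key:
            return name
    return key

def classify_algorithm(label: str) -> str:
    """Return 'approved', 'retired' or 'unknown' for an algorithm label."""
    name = _canonical(label)
    if name in APPROVED:
        return "approved"
    return "retired" if name in RETIRED else "unknown"

def digest(message: bytes, label: str) -> str:
    """Hex digest of message; refuses SHA-1 so new code cannot depend on it."""
    if classify_algorithm(label) != "approved":
        raise ValueError(f"{label} is not an approved hash for new use")
    return hashlib.new(_canonical(label), message).hexdigest()

def verify(message: bytes, expected_hex: str, label: str) -> bool:
    """Recompute the digest and compare in constant time; any change fails."""
    return hmac.compare_digest(digest(message, label), expected_hex.lower())

def audit_inventory(records):
    """Flag stored (label, hex digest) pairs that still rely on SHA-1.
    Assumption: an unlabelled 40-hex-character digest is treated as SHA-1."""
    findings = []
    for label, hexdigest in records:
        name = label or ("sha1" if len(hexdigest) == 40 else "unknown")
        findings.append((label, hexdigest, classify_algorithm(name)))
    return findings

# Constructed sample inventory; the digests are the FIPS test vectors for b"abc".
SAMPLE_INVENTORY = [
    ("SHA-1", "a9993e364706816aba3e25717850c26c9cd0d89d"),
    ("", "a9993e364706816aba3e25717850c26c9cd0d89d"),
    ("SHA-256", "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"),
]
```

Running `audit_inventory(SAMPLE_INVENTORY)` flags both SHA-1 entries, including the unlabelled one, as retired, while `verify` fails for any message that differs from the one originally hashed.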

NIST has stated that attacks on SHA-1 in applications have become increasingly severe, leading to the decision to phase out SHA-1 by December 31, 2030. SHA-1 was among the seven hash algorithms originally approved for use in Federal Information Processing Standard (FIPS) 180-4. The next version of the government's standard, FIPS 180-5, will be final by the end of 2030, and SHA-1 will not be included in that version. That means after 2030, the federal government will not be allowed to purchase devices or applications still using SHA-1.

By that date, NIST plans to:

  • Publish FIPS 180-5 (a revision of FIPS 180) to remove the SHA-1 specification.
  • Revise SP 800-131A and other affected NIST publications to reflect the planned withdrawal of SHA-1.
  • Create and publish a transition strategy for validating cryptographic modules and algorithms.

“Modules that still use SHA-1 after 2030 will not be permitted for purchase by the federal government,” Celi said. “Companies have eight years to submit updated modules that no longer use SHA-1. Because there is often a backlog of submissions before a deadline, we recommend that developers submit their updated modules well in advance, so that CMVP (Cryptographic Module Validation Program) has time to respond.” This will effectively phase out the SHA-1 algorithm and avoid disruptions to NIST's stakeholders – particularly cryptographic module vendors – helping to minimize potential delays in the validation process.