Updated on 2022-12-19
Owing to the evolving security standards, NIST has set a timeline to remove the support for the SHA-1 algorithm from all hardware and software devices. The agency recommends switching to SHA-2 or SHA-3 for securing electronic information. Read more: NIST Transitioning Away from SHA-1 for All Applications
Updated on 2022-12-16: NIST retires SHA-1
US NIST has announced the formal retirement of the SHA-1 cryptographic algorithm and has asked IT professionals, companies, and software vendors to replace it with SHA-2 or SHA-3 and phase it out by the end of 2030. Read more: NIST Retires SHA-1 Cryptographic Algorithm
Overview: NIST Retires SHA-1 Cryptographic Algorithm, Slowly
The US National Institute of Standards and Technology (NIST) has retired the SHA-1 cryptographic algorithm, which was introduced more than 25 years ago. NIST recommends that organizations should migrate to SHA-2 or SHA-3 by the end of the 2030 calendar year.
Note
- SHA-1 has known weaknesses and various PoC attacks have already been released taking advantage of SHA-1. However, remember that removing SHA-1 from legacy software will first of all take time, and secondly, depending on the use case, SHA-1 may not be a huge problem for some software. The 2030 deadline was implemented not because SHA-1 will all for sudden fail horribly in 2030 but because this is the earliest reasonable deadline for such a major change.
- While SHA-1 has been cryptographically nullified since 2017, moving away from it requires active steps. You’re going to have to identify all the services which are still using it and move them to at least SHA-2. There are some easy wins here, e.g., update the certificate and reconfigure any certificate authorities to not use SHA-1; all certificates will have aged out well before 2030. Also stop publishing SHA-1 checksums so the issue isn’t perpetuated.
- Since collision attacks against SHA-1 were made real in 2017, waiting 13 years overall to ban government buying of a known compromised algorithm is too long. An earlier deadline with a defined waiver process now is a much better approach than pushing it out 8 years from now.
- Attacks against SHA-1 have been known for over 17 years. Replacement algorithms for SHA-1 have been available for well over a decade. Why not leverage the recent USG mandate to inventory assets [susceptible to quantum computer attack], to identify and replace SHA-1 with SHA-3 in the next year or two.
- Collisions are fundamental and inevitable. While collision attacks can be demonstrated, they are not cheap and do not appear “in the wild.” That said, replacing SHA-1 with more robust algorithms, while not urgent, is efficient.
Read more in