Select Page

The U.S. National Institute of Standards and Technology (NIST), an agency within the Department of Commerce, announced Thursday that it’s formally retiring the SHA-1 cryptographic algorithm.

SHA-1, short for Secure Hash Algorithm 1, is a 27-year-old hash function used in cryptography and has since been deemed broken owing to the risk of collision attacks.

While hashes are designed to be irreversible – meaning it should be impossible to reconstruct the original message from the fixed-length enciphered text – the lack of collision resistance in SHA-1 made it possible to generate the same hash value for two different inputs.

In February 2017, a group of researchers from CWI Amsterdam and Google disclosed the first practical technique for producing collisions on SHA-1, effectively undermining the security of the algorithm.

images from Hacker News