A cryptographic algorithm standard first published almost 30 years ago has reached the end of the road, the National Institute of Standards and Technology said Thursday.
While NIST reemphasized the need for anyone relying on the Secure Hash Algorithm 1 (SHA-1) for security to migrate to the newer and more advanced SHA-2 or SHA-3 algorithms, the issue remains only moderately urgent.
The agency called for federal agencies to scrap SHA-1 by the end of 2030, and said it plans to stop using SHA-1 in specified protocols and remove the specification from publication by that time. NIST also advised IT professionals to stop using SHA-1 as a building block for security and transition to specifications that meet a higher standard.
The widely used standard has had a long goodbye tour as its limitations became clear, undermined by computational advancements. Computers as early as 2005 were able to initiate collision attacks against SHA-1 by creating messages that result in the same hash as the original, compromising the authentic message.
First used in 1995, SHA-1 authenticates data transmissions between a client and server during the Transport Layer Security (TLS) handshake. It does this by creating a 160-bit hash value rendered as 40 hexadecimal digits.
The move bars the federal government from purchasing modules that use SHA-1 after 2030 and gives vendors eight years to develop and submit updated modules for NIST verification.
NIST previously advised federal agencies to stop using SHA-1 to create digital signatures and said attacks on SHA-1 in other applications have become “increasingly severe.”
The cryptographic algorithm was one of the first widely used methods to protect electronic information, as part of the U.S. Federal Information Processing Standard. But according to NIST, SHA-1 “has reached the end of its useful life.”