"NIST Retires SHA-1 Cryptographic Algorithm"
According to security specialists at the National Institute of Standards and Technology (NIST), the SHA-1 algorithm, one of the first widely used techniques for securing electronic information, has reached the end of its useful life. The agency is now advising that Information Technology (IT) workers replace SHA-1 with more secure algorithms in the few cases where it is still utilized. Since 1995, SHA-1 has been used as part of the Federal Information Processing Standard (FIPS) 180-1. It is a modified version of SHA, the first hash function standardized for broad usage by the federal government in 1993. Since today's increasingly powerful computers can attack the algorithm, NIST has announced that SHA-1 should be phased out by December 31, 2030, in favor of the more secure SHA-2 and SHA-3 algorithms. SHA-1 has been used as a part of the foundation for numerous security applications, including website validation. It protects data by executing a complex math operation on the characters of a message, resulting in a short string of characters known as a hash. It is impossible to reconstruct the original message from the hash alone, but knowing the hash allows a recipient to determine whether the original message has been compromised. Little changes to the content drastically modify the resulting hash. Today's more powerful computers can create fake messages resulting in the same hash as the original, possibly jeopardizing the authenticity of the communication. In recent years, "collision" attacks have been launched to compromise SHA-1. NIST previously stated that federal agencies should avoid using SHA-1 in cases when collision attacks are a serious threat, such as when creating digital signatures. This article continues to discuss the retirement of the SHA-1 cryptographic algorithm.