December 16, 2022Rabbi LakshmananEncryption / data security

The National Institute of Standards and Technology (NIST), an agency within the Department of Commerce, announced On Thursday, we announced the official retirement of the SHA-1 encryption algorithm.

SHA-1which stands for Secure Hash Algorithm 1 and is 27 years old hash function used in cryptography and since Considered broken because there is a risk of collision attack.

Although hashing is designed to be irreversible, it should be impossible to reconstruct the original message from the fixed-length ciphertext, whereas SHA-1 is not collision-resistant. , I was able to generate the same hash value for two different inputs.

cyber security

In February 2017, a group of researchers from CWI Amsterdam and Google disclosed This is the first practical technique for generating collisions in SHA-1 and effectively undermines the security of the algorithm.

“For example, creating two colliding PDF files as two rental agreements with different rents to trick someone into signing a low rent agreement to create a valid signature for a high rent agreement. You can.” Researcher Said at the time.

Cryptanalysis attack against SHA-1 prompt In 2015, NIST mandated that US federal agencies stop using algorithms for generating digital signatures, timestamps, and other applications that require collision resistance.

NIST’s Cryptographic Algorithm Validator (CAVP), which curates a list of approved cryptographic algorithms. 2,272 libraries Certified since January 2018 and still supports SHA-1.

In addition to urging users relying on this algorithm to migrate to SHA-2 or SHA-3 to protect electronic information, NIST has announced that SHA-1 will be fully phased out by December 31, 2030. We also recommend deprecating it.

“Modules still using SHA-1 after 2030 will purchase authorization NIST computer scientist Chris Celi said:

Did you find this article interesting?Please follow us twitter When LinkedIn To read more exclusive content that we post.



Register now for our membership to gain access to our elite training program and fast forward your career today!


Subscribe my Newsletter for new blog posts, tips & new photos. Let's stay updated!

Security Blog

Blue Training Academy

Blue Training Academy was developed in 2018 as a educational and training facility for continuing education and certification courses. Blue Training Academy is an educational institution that allows for all sectors of the public and Criminal Justice field to gain ongoing training and education.

Copyright ©️ All rights reserved. | Blue Training Academy Blog