SHA-1

Secure Hash Algorithms
Concepts
hash functions, SHA, DSA
Main standards
SHA-0, SHA-1, SHA-2, SHA-3
SHA-1
General
DesignersNational Security Agency
First published1993 (SHA-0),
1995 (SHA-1)
Series(SHA-0), SHA-1, SHA-2, SHA-3
CertificationFIPS PUB 180-4, CRYPTREC (Monitored)
Cipher detail
Digest sizes160 bits
Block sizes512 bits
StructureMerkle–Damgård construction
Rounds80
Best public cryptanalysis
A 2011 attack by Marc Stevens can produce hash collisions with a complexity between 260.3 and 265.3 operations.[1] The first public collision was published on 23 February 2017.[2] SHA-1 is prone to length extension attacks.

In cryptography, SHA-1 (Secure Hash Algorithm 1) is a hash function which takes an input and produces a 160-bit (20-byte) hash value known as a message digest – typically rendered as 40 hexadecimal digits. It was designed by the United States National Security Agency, and is a U.S. Federal Information Processing Standard.[3] The algorithm has been cryptographically broken[4][5][6][7][8][9][10] but is still widely used.

Since 2005, SHA-1 has not been considered secure against well-funded opponents;[11] as of 2010 many organizations have recommended its replacement.[12][10][13] NIST formally deprecated use of SHA-1 in 2011 and disallowed its use for digital signatures in 2013, and declared that it should be phased out by 2030.[14] As of 2020, chosen-prefix attacks against SHA-1 are practical.[6][8] As such, it is recommended to remove SHA-1 from products as soon as possible and instead use SHA-2 or SHA-3. Replacing SHA-1 is urgent where it is used for digital signatures.

All major web browser vendors ceased acceptance of SHA-1 SSL certificates in 2017.[15][9][4] In February 2017, CWI Amsterdam and Google announced they had performed a collision attack against SHA-1, publishing two dissimilar PDF files which produced the same SHA-1 hash.[16][2] However, SHA-1 is still secure for HMAC.[17]

Microsoft has discontinued SHA-1 code signing support for Windows Update on August 3, 2020,[18] which also effectively ended the update servers for versions of Windows that have not been updated to SHA-2, such as Windows 2000 up to Vista, as well as Windows Server versions from Windows 2000 Server to Server 2003.

  1. ^ Stevens, Marc (June 19, 2012). Attacks on Hash Functions and Applications (PDF) (PhD thesis). Leiden University. hdl:1887/19093. ISBN 9789461913173. OCLC 795702954.
  2. ^ a b Stevens, Marc; Bursztein, Elie; Karpman, Pierre; Albertini, Ange; Markov, Yarik (2017). Katz, Jonathan; Shacham, Hovav (eds.). The First Collision for Full SHA-1 (PDF). Advances in Cryptology – CRYPTO 2017. Lecture Notes in Computer Science. Vol. 10401. Springer. pp. 570–596. doi:10.1007/978-3-319-63688-7_19. ISBN 9783319636870. Archived from the original (PDF) on May 15, 2018. Retrieved February 23, 2017.
    • Marc Stevens; Elie Bursztein; Pierre Karpman; Ange Albertini; Yarik Markov; Alex Petit Bianco; Clement Baisse (February 23, 2017). "Announcing the first SHA1 collision". Google Security Blog.
  3. ^ "Secure Hash Standard (SHS)" (PDF). National Institute of Standards and Technology. 2015. doi:10.6028/NIST.FIPS.180-4. Federal Information Processing Standards Publication 180-4. Archived from the original (PDF) on 2020-01-07. Retrieved 2019-09-23.
  4. ^ a b "The end of SHA-1 on the Public Web". Mozilla Security Blog. 23 February 2017. Retrieved 2019-05-29.
  5. ^ Cite error: The named reference autogenerated1 was invoked but never defined (see the help page).
  6. ^ a b "Critical flaw demonstrated in common digital security algorithm". Nanyang Technological University, Singapore. 24 January 2020.
  7. ^ Cite error: The named reference :3 was invoked but never defined (see the help page).
  8. ^ a b Leurent, Gaëtan; Peyrin, Thomas (2020-01-05). "SHA-1 is a Shambles First Chosen-Prefix Collision on SHA-1 and Application to the PGP Web of Trust" (PDF). Cryptology ePrint Archive, Report 2020/014.
  9. ^ a b "Google will drop SHA-1 encryption from Chrome by January 1, 2017". VentureBeat. 2015-12-18. Retrieved 2019-05-29.
  10. ^ a b Cite error: The named reference shappening was invoked but never defined (see the help page).
  11. ^ Schneier, Bruce (February 18, 2005). "Schneier on Security: Cryptanalysis of SHA-1".
  12. ^ "NIST.gov – Computer Security Division – Computer Security Resource Center". Archived from the original on 2011-06-25. Retrieved 2019-01-05.
  13. ^ Schneier, Bruce (8 October 2015). "SHA-1 Freestart Collision". Schneier on Security.
  14. ^ "NIST Retires SHA-1 Cryptographic Algorithm" (Press release). NIST. 2022-12-15.
  15. ^ Goodin, Dan (2016-05-04). "Microsoft to retire support for SHA1 certificates in the next 4 months". Ars Technica. Retrieved 2019-05-29.
  16. ^ "CWI, Google announce first collision for Industry Security Standard SHA-1". Retrieved 2017-02-23.
  17. ^ Barker, Elaine (May 2020). Recommendation for Key Management: Part 1 – General, Table 3 (Technical Report). NIST. p. 56. doi:10.6028/NIST.SP.800-57pt1r5.
  18. ^ "SHA-1 Windows content to be retired August 3, 2020". techcommunity.microsoft.com. Retrieved 2024-02-28.