DevSecOps, Threat Management

SHA-1 cryptographic algorithm to be retired

SecurityWeek reports that the National Institute for Standards and Technology has urged IT teams to transition to the SHA-2 and SHA-3 cryptographic algorithms as it announced the retirement of the SHA-1 algorithm by Dec. 31, 2030. SHA-1, which has been leveraged in various security applications, is slated to be replaced as it could already be easily compromised by various attacks, including a collision attack that involves the creation of two messages by sophisticated computers that could result in the same hash that could impact an authentic message. Microsoft, Google, Facebook, and Mozilla have already begun transitioning from the SHA-1 algorithm while SHA-1-based certificates have not been issued since the beginning of 2017. "Modules that still use SHA-1 after 2030 will not be permitted for purchase by the federal government. Companies have eight years to submit updated modules that no longer use SHA-1. Because there is often a backlog of submissions before a deadline, we recommend that developers submit their updated modules well in advance, so that CMVP has time to respond," said NIST computer scientist Chris Celi.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.