SecurityWeek reports that the National Institute for Standards and Technology has urged IT teams to transition to the SHA-2 and SHA-3 cryptographic algorithms as it announced the retirement of the SHA-1 algorithm by Dec. 31, 2030.
SHA-1, which has been leveraged in various security applications, is slated to be replaced as it could already be easily compromised by various attacks, including a collision attack that involves the creation of two messages by sophisticated computers that could result in the same hash that could impact an authentic message.
Microsoft, Google, Facebook, and Mozilla have already begun transitioning from the SHA-1 algorithm while SHA-1-based certificates have not been issued since the beginning of 2017.
"Modules that still use SHA-1 after 2030 will not be permitted for purchase by the federal government. Companies have eight years to submit updated modules that no longer use SHA-1. Because there is often a backlog of submissions before a deadline, we recommend that developers submit their updated modules well in advance, so that CMVP has time to respond," said NIST computer scientist Chris Celi.
Artificial intelligence poses a pretty scary threat to information security overall, but application-security testers should find AI to be extremely useful for finding flaws and weeding out false positives.