SHA-1 cryptographic algorithm’s end of useful life

SHA-1 cryptographic algorithm’s end of useful life

SHA-1 cryptographic algorithm has reached its end of useful life, after 27 years since its publication. The National Institute of Standards and Technology (NIST) recommends replacing it for newer, more secure algorithms like SHA-2 and SHA-3. It aims for the SHA-1 hash function to be completely phased out by the end of 2030.

SHA-1 cryptographic algorithm removal by 2030

NIST recommends gradually removing SHA-1 so that it will no longer be used by December 31st, 2030, because it is increasingly vulnerable as computers become more and more powerful. Therefore, it advises replacing it for newer and more secure algorithms such as SHA-2 and SHA-3. Its replacement is particularly important in those cases where collision attacks are critical threats.

“We recommend that anyone relying on SHA-1 for security migrate to SHA-2 or SHA-3 as soon as possible”

— Chris Celi, NIST computer scientist

SHA-1 is still significantly in use, despite being considered an insecure cryptographic hash function for more than a decade.

NIST deprecated its use in 2011, disallowed its use for digital signatures in 2013 and mandated federal agencies in the USA to stop using it for generating digital signatures and any other application requiring collision resistance in 2015. Moreover, in 2017, certification authorities stopped issuing SHA-1 certificates, and major web browsers like Mozilla and big corporations like Microsoft stopped accepting them as well.

NIST’s plan for retiring SHA-1 by 2030 includes:

  • A revision of FIPS 180 to remove the SHA-1 specification (FIPS 180-5).
  • A revision of SP 800-131A and other affected publications.
  • A transition strategy for validating cryptographic modules and algorithms.

SHA versions

SHA, short for Secure Hash Algorithm, is a family of cryptographic standards published by the NIST as a FIPS (United States Federal Information Processing Standard). SHA secures information by performing a complex math operation on the message’s characters and generating a hash — a short string of characters.

Cryptographic algorithmVariantOutput sizeBlock size
SHA-0160 bits512 bits
SHA-1160 bits512 bits
SHA-2SHA-224256 bits512 bits
SHA-2SHA-256256 bits512 bits
SHA-2SHA-384384 bits1024 bits
SHA-2SHA-512512 bits1024 bits
SHA-2SHA-512/224224 bits1024 bits
SHA-2SHA-512/256256 bits1024 bits
SHA-3SHA3-224224 bits1152 bits
SHA-3SHA3-256256 bits1088 bits
SHA-3SHA3-384384 bits832 bits
SHA-3SHA3-512512 bits576 bits
SHA-3SHAKE128d (arbitrary)1344 bits
SHA-3SHAKE256d (arbitrary)1088 bits


The first version of SHA, known as SHA-0, was published in 1993. This version is specified in the FIPS publication 180. Shortly after its release, this hash function was replaced by a revised version due to an undisclosed significant flaw.


The SHA-1 cryptographic hash function was published in 1995. This version is specified in the FIPS publication 180-1. It was one of the first widely used methods for protecting electronic information. It forms part of some popular security applications and protocols, such as SSH and PGP.


The SHA-2 cryptographic algorithm was published in 2001. This version was first specified in the FIPS publication 180-2. The standard was also updated in 2008 in the FIPS publication 180-3 and in 2012 in the FIPS publication 180-4.


SHA-3, published in 2015, is the latest version of the Secure Hash Algorithm. This version is specified in the FIPS publication 202.

Share it on Social Media!