The SHA-1 cryptographic algorithm has reached the end of its useful life, 27 years after its publication. The National Institute of Standards and Technology (NIST) recommends replacing it with newer, more secure algorithms such as SHA-2 and SHA-3, and aims for the SHA-1 hash function to be completely phased out by the end of 2030.
SHA-1 cryptographic algorithm removal by 2030
NIST recommends gradually removing SHA-1 so that it will no longer be used by December 31st, 2030, because it is increasingly vulnerable as computers become more powerful. It therefore advises replacing it with newer and more secure algorithms such as SHA-2 and SHA-3. Replacement is particularly important where collision attacks are a critical threat.
“We recommend that anyone relying on SHA-1 for security migrate to SHA-2 or SHA-3 as soon as possible”
— Chris Celi, NIST computer scientist
SHA-1 is still significantly in use, despite being considered an insecure cryptographic hash function for more than a decade.
NIST deprecated its use in 2011, disallowed its use for digital signatures in 2013, and in 2015 mandated that federal agencies in the USA stop using it for generating digital signatures and for any other application requiring collision resistance. Moreover, in 2017, certification authorities stopped issuing SHA-1 certificates, and major web browsers like Mozilla and big corporations like Microsoft stopped accepting them as well.
NIST’s plan for retiring SHA-1 by 2030 includes:
- A revision of FIPS 180 to remove the SHA-1 specification (FIPS 180-5).
- A revision of SP 800-131A and other affected publications.
- A transition strategy for validating cryptographic modules and algorithms.
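The migration recommended above can be enforced in code rather than left to policy documents. The following is an added example, not NIST's or the article's own code: it verifies tagged digests, tolerates SHA-1 only until the 2030 date, and re-issues verified SHA-1 entries under SHA-256. The `algo:hexdigest` manifest format, the function names and the sample data are assumptions made for illustration.

```python
import hashlib
import hmac
from datetime import date

SHA1_SUNSET = date(2030, 12, 31)  # NIST phase-out date given in the article
# hashlib names for the SHA-2 / SHA-3 replacements the article recommends.
APPROVED = {"sha224", "sha256", "sha384", "sha512",
            "sha3_224", "sha3_256", "sha3_384", "sha3_512"}
UPGRADE_TO = "sha256"  # assumption of this example: default migration target


def check_entry(entry, data, today):
    """Verify one 'algo:hexdigest' entry (hypothetical manifest format).
    Returns 'ok' for an approved algorithm or 'legacy' for a tolerated SHA-1
    digest; raises ValueError on mismatch, unknown algorithm, or SHA-1 after
    the sunset date.
    """
    algo, _, expected = entry.partition(":")
    algo = algo.strip().lower()
    if algo == "sha1":
        if today > SHA1_SUNSET:
            raise ValueError("SHA-1 digest rejected: past sunset date")
    elif algo not in APPROVED:
        raise ValueError("unsupported digest algorithm: " + algo)
    actual = hashlib.new(algo, data).hexdigest()
    if not hmac.compare_digest(actual, expected.strip().lower()):
        raise ValueError("digest mismatch")
    return "legacy" if algo == "sha1" else "ok"


def migrate(manifest, files, today):
    """Re-issue verified SHA-1 entries under UPGRADE_TO; keep approved ones.
    The new digest only carries over the trust the SHA-1 check gave, so where
    collisions are a threat the data should come from a trusted source.
    """
    upgraded = {}
    for name, entry in manifest.items():
        if check_entry(entry, files[name], today) == "legacy":
            entry = UPGRADE_TO + ":" + hashlib.new(UPGRADE_TO, files[name]).hexdigest()
        upgraded[name] = entry
    return upgraded


# Constructed sample data, not taken from the article.
FILES = {"app.bin": b"constructed payload A", "lib.so": b"constructed payload B"}
MANIFEST = {
    "app.bin": "sha1:" + hashlib.sha1(FILES["app.bin"]).hexdigest(),
    "lib.so": "sha3_256:" + hashlib.sha3_256(FILES["lib.so"]).hexdigest(),
}
```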
SHA versions
SHA, short for Secure Hash Algorithm, is a family of cryptographic standards published by NIST as a FIPS (United States Federal Information Processing Standard). SHA secures information by performing a complex math operation on the message's characters and generating a hash, a short string of characters.
Cryptographic algorithm | Variant | Output size | Block size |
SHA-0 | – | 160 bits | 512 bits |
SHA-1 | – | 160 bits | 512 bits |
SHA-2 | SHA-224 | 256 bits | 512 bits |
SHA-2 | SHA-256 | 256 bits | 512 bits |
SHA-2 | SHA-384 | 384 bits | 1024 bits |
SHA-2 | SHA-512 | 512 bits | 1024 bits |
SHA-2 | SHA-512/224 | 224 bits | 1024 bits |
SHA-2 | SHA-512/256 | 256 bits | 1024 bits |
SHA-3 | SHA3-224 | 224 bits | 1152 bits |
SHA-3 | SHA3-256 | 256 bits | 1088 bits |
SHA-3 | SHA3-384 | 384 bits | 832 bits |
SHA-3 | SHA3-512 | 512 bits | 576 bits |
SHA-3 | SHAKE128 | d (arbitrary) | 1344 bits |
SHA-3 | SHAKE256 | d (arbitrary) | 1088 bits |
SHA-0
The first version of SHA, known as SHA-0, was published in 1993. This version is specified in the FIPS publication 180. Shortly after its release, this hash function was replaced by a revised version due to an undisclosed significant flaw.
SHA-1
The SHA-1 cryptographic hash function was published in 1995. This version is specified in the FIPS publication 180-1. It was one of the first widely used methods for protecting electronic information. It forms part of some popular security applications and protocols, such as SSH and PGP.
SHA-2
The SHA-2 cryptographic algorithm was published in 2001. This version was first specified in the FIPS publication 180-2. The standard was also updated in 2008 in the FIPS publication 180-3 and in 2012 in the FIPS publication 180-4.
SHA-3
SHA-3, published in 2015, is the latest version of the Secure Hash Algorithm. This version is specified in the FIPS publication 202.