Tech

NIST stops using SHA-1 cryptographic algorithm due to vulnerabilities


NIST stops using SHA-1 cryptographic algorithm due to vulnerabilities

NIST recommends that anyone relying on SHA-1 for security switch to the more secure SHA-2 and SHA-3 algorithm groups. Credit: B. Hayes/NIST

The SHA-1 algorithm, one of the first widely used methods to protect electronic information, has expired, according to security experts at the National Institute of Standards and Technology (NIST). ). The agency is now recommending that IT professionals replace SHA-1, in the limited circumstances where it is still used, with newer, more secure algorithms.

SHA-1, which stands for “secure hash algorithm,” has been in use since 1995 as part of Federal Information Processing Standard (FIPS) 180-1. It is a slightly modified version of SHA, the first hash function federal government standardized for widespread use in 1993. As today’s increasingly powerful computers can attack algorithmNIST announced that SHA-1 will be phased out by December 31, 2030, to be replaced by the more secure SHA-2 and SHA-3 algorithm groups.

“We recommend that anyone who relies on SHA-1 for security switch to SHA-2 or SHA-3 as soon as possible,” said NIST computer scientist Chris Celi.

SHA-1 has served as a building block for many security applications, such as website authentication—so that when you load a web page, you can trust that the source is believed to be genuine. It secures information by performing complex math on the characters of the message, producing a short string of characters called a hash. It is not possible to reconstruct the original message from the hash itself, but knowing the hash provides an easy way for the recipient to check if the original message has been compromised, since even a small change to the message The message also significantly changes the resulting hash.

More today powerful computer can generate deceptive messages that result in the same hash as the original message, potentially affecting the validation message. These “collision” attacks have been used to weaken SHA-1 In recent years. NIST had previously announced that federal agencies SHA-1 should be discontinued in situations where collision attacks are a serious threat, such as for digital signature creation.

As attacks on SHA-1 in other applications become increasingly severe, NIST will discontinue use of SHA-1 in the last remaining specified protocols by December 31, 2030. That being said, NIST plans to:

  • Published FIPS 180-5 (revised of FIPS 180) to remove the SHA-1 spec.
  • Review SP 800-131A and other affected NIST publications to reflect the SHA-1 recall plan.
  • Create and publish a transformation strategy for validating cryptographic algorithms and modules.

The last entry refers to the NIST Cryptographic Modules Validation Program (CMVP), which evaluates whether modules — House form a functional coding system—that works. All cryptographic modules used in federal encryption must be authenticated every 5 years, so the change in SHA-1 status will affect the companies that develop the modules. .

“Modules that still use SHA-1 after 2030 will not be authorized for purchase by the federal government,” Celi said. “Companies with eight years to submit updated modules no longer use SHA-1. Because there is often a backlog of submissions ahead of time, we recommend that developers submit applications ahead of time. their updated module so that CMVP has a response time.”

More information:
Questions about the transition can be sent to [email protected]. More information is available at NIST Forward page Computer Security Resource Center.

quote: NIST deprecated SHA-1 cryptographic algorithm due to vulnerabilities (2022, Dec 16) retrieved Dec 16, 2022 from https://techxplore.com/news/2022-12-nist- sha-cryptographic-algorithm-due.html

This document is the subject for the collection of authors. Other than any fair dealing for private learning or research purposes, no part may be reproduced without written permission. The content provided is for informational purposes only.

news7f

News7F: Update the world's latest breaking news online of the day, breaking news, politics, society today, international mainstream news .Updated news 24/7: Entertainment, Sports...at the World everyday world. Hot news, images, video clips that are updated quickly and reliably

Related Articles

Back to top button