SHA-1 is now considered obsolete and its use is planned to be phased out by 2030

The US National Institute of Standards and Technology. (NIST) has declared that the SHA-1 hash algorithm is deprecated, not secure, and its use is not recommended, it is mentioned that it is planned to phase out the use of SHA-1 until December 31, 2030 and switch entirely to more secure SHA-2 and SHA-3 algorithms.

SHA-1 was one of the first widely used methods For data protection, SHA-1, which stands for "secure hash algorithm," has been used since 1995 as part of the Federal Information Processing Standard (FIPS) 180-1.

It is a slightly modified version of SHA, the first hash function the federal government standardized for widespread use in 1993. Since today's increasingly powerful computers can attack the algorithm, NIST announces that SHA-1 should be removed by December 31. , 2030, in favor of the more secure SHA-2 and SHA-3 algorithm groups.

“We recommend that anyone who relies on SHA-1 for security migrate to SHA-2 or SHA-3 as soon as possible,” said Chris Celi, a NIST computer scientist.

Cryptographic modules that support SHA-1 will not be able to pass the next test at NIST and their delivery to US government agencies will be impossible (the certificate is granted only for five years, after which a retest is required) .

In 2005, the theoretical possibility of an attack on SHA-1 was verified. In 2017, the first practical collision attack with a given prefix for SHA-1 was demonstrated, which allows two different data sets to select additions, the connection of which will lead to a collision and the formation of the same resulting hash (for example, for two existing documents, two additions can be computed, and if one is attached to the first document and the other to the second, the resulting SHA-1 hashes for these files will be the same).

As attacks on SHA-1 in other applications have become increasingly serious, NIST will stop using SHA-1 in its last remaining specified protocols by December 31, 2030. By that date, NIST plans to:

Publish FIPS 180-5 (a revision of FIPS 180) to remove the SHA-1 specification.
Revise SP 800-131A and other affected NIST publications to reflect the planned retirement of SHA-1.
Create and publish a transition strategy to validate cryptographic algorithms and modules.  
The last item refers to NIST's Cryptographic Module Validation Program (CMVP), which tests whether modules, the building blocks that make up a functional encryption system, work effectively. All cryptographic modules used in federal encryption must be validated every five years, so SHA-1's status change will affect companies that develop modules.

In 2019, the collision detection method was significantly improved and the cost of carrying out an attack was reduced to several tens of thousands of dollars. In 2020, a working attack to create dummy PGP and GnuPG digital signatures was demonstrated.

“The federal government will not allow the purchase of modules that still use SHA-1 after 2030,” Celi said. “Enterprises have eight years to submit updated modules that no longer use SHA-1. Because there is often a backlog of submissions before the deadline, we recommend that developers submit their updated modules well in advance, so that CMVP has time to respond."

Since 2011, SHA-1 has been deprecated for use in digital signatures, and in 2017 all major web browsers stopped supporting certificates signed with the SHA-1 hash algorithm. However, SHA-1 is still used for checksums, and there are over 2200 certified SHA-1-enabled cryptographic modules and libraries in the NIST database.

Finally, it should be remembered that for on December 31, 2030, all current NIST specifications and protocols will no longer use SHA-1. The end of the SHA-1 specification will be reflected in the new federal standard FIPS 180-5. In addition, changes will be made to related specifications, such as SP 800-131A, from which the mention of SHA-1 will be removed.

If you are interested in learning more about it, you can consult the details at the following link.