The National Institute of Standards and Technology retired one of the first widely used cryptographic algorithms, citing vulnerabilities that make further use inadvisable, Thursday.
SHA-1 became part of the Federal Information Processing Standard (FIPS 180-1) in 1995, and its limited use by security applications like website validators continues despite increasingly severe attacks on it by more powerful computers. NIST’s recommendation comes on the heels of the White House’s aggressive deadlines for agencies to develop post-quantum cryptography strategies, given concerns quantum computers capable of cracking the traditional public-key encryption most systems rely on may go live anywhere from three years to a decade from now.
“Modules that still use SHA-1 after 2030 will not be permitted for purchase by the federal government,” said Chris Celi, NIST computer scientist, in the announcement. “Companies have eight years to submit updated modules that no longer use SHA-1.”
NIST’s Cryptographic Module Validation Program (CMVP) assesses whether modules, the building blocks of encryption systems, used in federal encryption work effectively every five years.
The agency plans to publish a transition strategy for validating cryptographic modules and algorithms before Dec. 31, 2030.
“Because there is often a backlog of submissions before a deadline, we recommend that developers submit their updated modules well in advance so that CMVP has time to respond,” Celi said.
NIST also intends to publish a FIPS revision, FIPS 180-5, and revise other publications affected by SHA-1’s retirement by its deadline.
SHA-1 secures information by performing a complex math operation on the characters of a message to produce a short string of characters called a hash. While the original message can’t be reconstructed with just the hash, knowing the hash lets the recipient check if the message was compromised because even a slight change alters the hash significantly.
Recent collision attacks use today’s more sophisticated computers to create fraudulent messages that recreate the original hash to compromise the message. NIST already warned agencies against using SHA-1 to protect critical processes like the creation of digital signatures.