NIST retires an early cryptographic algorithm

Modules that still use SHA-1 after 2030 will not be permitted for purchase by the federal government.
(NIST photo)

The National Institute of Standards and Technology retired one of the first widely used cryptographic algorithms, citing vulnerabilities that make further use inadvisable, Thursday.

NIST recommended IT professionals replace Secure Hash Algorithm 1 (SHA-1) with more secure algorithms from the SHA-2 and SHA-3 groups to protect electronic information by Dec. 31, 2030.

SHA-1 became part of the Federal Information Processing Standard (FIPS 180-1) in 1995, and its limited use by security applications like website validators continues despite increasingly severe attacks on it by more powerful computers. NIST’s recommendation comes on the heels of the White House’s aggressive deadlines for agencies to develop post-quantum cryptography strategies, given concerns quantum computers capable of cracking the traditional public-key encryption most systems rely on may go live anywhere from three years to a decade from now.

“Modules that still use SHA-1 after 2030 will not be permitted for purchase by the federal government,” said Chris Celi, NIST computer scientist, in the announcement. “Companies have eight years to submit updated modules that no longer use SHA-1.”


NIST’s Cryptographic Module Validation Program (CMVP) assesses whether modules, the building blocks of encryption systems, used in federal encryption work effectively every five years.

The agency plans to publish a transition strategy for validating cryptographic modules and algorithms before Dec. 31, 2030.

“Because there is often a backlog of submissions before a deadline, we recommend that developers submit their updated modules well in advance so that CMVP has time to respond,” Celi said.

NIST also intends to publish a FIPS revision, FIPS 180-5, and revise other publications affected by SHA-1’s retirement by its deadline.

SHA-1 secures information by performing a complex math operation on the characters of a message to produce a short string of characters called a hash. While the original message can’t be reconstructed with just the hash, knowing the hash lets the recipient check if the message was compromised because even a slight change alters the hash significantly.


Recent collision attacks use today’s more sophisticated computers to create fraudulent messages that recreate the original hash to compromise the message. NIST already warned agencies against using SHA-1 to protect critical processes like the creation of digital signatures.

Dave Nyczepir

Written by Dave Nyczepir

Dave Nyczepir is a technology reporter for FedScoop. He was previously the news editor for Route Fifty and, before that, the education reporter for The Desert Sun newspaper in Palm Springs, California. He covered the 2012 campaign cycle as the staff writer for Campaigns & Elections magazine and Maryland’s 2012 legislative session as the politics reporter for Capital News Service at the University of Maryland, College Park, where he earned his master’s of journalism.

Latest Podcasts