© 2023 CyberNews - Latest tech news,
product reviews, and analyses.

Veteran hash algorithm retired by NIST


The National Institute of Standards and Technology (NIST) has decided to discontinue a data-protecting algorithm after nearly 30 years, citing cryptographic vulnerabilities.

“The SHA-1 algorithm, one of the first widely used methods of protecting electronic information, has reached the end of its useful life,” said NIST, after its researchers observed that the secure hash algorithm had become increasingly targeted by more sophisticated forms of malware since its inception in 1995.

This previously led NIST to advise federal government bodies to stop using it, and now it has decided to discontinue the algorithm altogether, citing attacks on SHA-1 elsewhere that have become “increasingly severe.”

“Today’s more powerful computers can create fraudulent messages that result in the same hash as the original, potentially compromising the authentic message,” it said. “These ‘collision’ attacks have been used to undermine SHA-1 in recent years.”

However, the discontinuation is more of a drawdown than an outright pullout, with SHA-1 not set to be completely expunged from computing before 2030.

By that date, NIST intends to publish an updated version of its digital signature-creating algorithms to remove SHA-1, as well as a transition plan that allows cryptographic modules to be validated under a new system.

The latter refers to a NIST program that determines whether modules – essentially the “building blocks” of a functioning encryption system – work effectively.

“All cryptographic modules used in federal encryption must be validated every five years, so SHA-1’s status change will affect companies that develop modules,” said NIST.

Affected organizations will have until the 2030 deadline to submit updated modules that no longer incorporate SHA-1 to comply with the new rules.  

