12 Facts About SHA-1

In cryptography, SHA-1 is a cryptographically broken but still widely used hash function which takes an input and produces a 160-bit hash value known as a message digest – typically rendered as 40 hexadecimal digits.

Since 2005, SHA-1 has not been considered secure against well-funded opponents; as of 2010 many organizations have recommended its replacement.

In February 2017, CWI Amsterdam and Google announced they had performed a collision attack against SHA-1, publishing two dissimilar PDF files which produced the same SHA-1 hash.

Microsoft has discontinued SHA-1 code signing support for Windows Update on August 7,2020.

SHA-1 produces a message digest based on principles similar to those used by Ronald L Rivest of MIT in the design of the MD2, MD4 and MD5 message digest algorithms, but generates a larger hash value.

Related searches

SHA-1 was developed as part of the US Government's Capstone project.

SHA-1, which has a 160-bit message digest, was originally thought to have 80-bit strength.

On 17 August 2005, an improvement on the SHA-1 attack was announced on behalf of Xiaoyun Wang, Andrew Yao and Frances Yao at the CRYPTO 2005 Rump Session, lowering the complexity required for finding a collision in SHA-1 to 2.

Christophe De Canniere and Christian Rechberger further improved the attack on SHA-1 in "Finding SHA-1 Characteristics: General Results and Applications, " receiving the Best Paper Award at ASIACRYPT 2006.

On 8 November 2010, he claimed he had a fully working near-collision attack against full SHA-1 working with an estimated complexity equivalent to 2 SHA-1 compressions.

SHA-1 estimated this attack could be extended to a full collision with a complexity around 2.

In particular, it was the first time that an attack on full SHA-1 had been demonstrated; all earlier attacks were too expensive for their authors to carry them out.