Guides / SHA-1

SHA-1 Algorithm

From NSA Design to Deprecation: The Rise and Fall of SHA-1

Deprecation Notice

SHA-1 is deprecated by NIST and major browser vendors. While not as broken as MD5, practical collision attacks exist. Migrate to SHA-256 or SHA-512 for new applications.

What is SHA-1?

SHA-1 (Secure Hash Algorithm 1) is a cryptographic hash function designed by the National Security Agency (NSA) and published by NIST in 1995. It produces a 160-bit (20-byte) hash value, commonly rendered as a 40-digit hexadecimal number. SHA-1 was widely used for digital signatures, certificates, and version control systems.

How SHA-1 Works

SHA-1 processes messages in 512-bit blocks using the Merkle-Damgård construction:

  1. Message Padding: Input is padded to be 448 bits modulo 512
  2. Length Append: Original message length (64 bits) is appended
  3. State Initialization: Five 32-bit working variables initialized with constants
  4. Main Loop: 80 rounds of operations divided into four 20-round stages
  5. Compression: Message schedule and non-linear functions process each block
  6. Output: Final 160-bit hash from concatenating the five variables

Key Properties

  • Output Size: 160 bits (40 hex characters)
  • Block Size: 512 bits
  • Rounds: 80 rounds total
  • Internal State: Five 32-bit words
  • Security Level: ~80 bits (theoretical)

Collision Attacks Timeline

Theoretical Attacks (2005)

In 2005, researchers at Shandong University published attacks finding collisions in 2^69 operations, much faster than the theoretical 2^80 for a secure 160-bit hash.

Practical Collisions (2017)

The SHAttered attack by Google and CWI demonstrated the first practical collision: two different PDF files with identical SHA-1 hashes. This took the equivalent of 6,500 years of CPU computation.

Chosen-Prefix Collisions (2020)

Researchers achieved chosen-prefix collisions with just 2^63.4 operations, making attacks practical for well-funded adversaries.

Deprecation Status

SHA-1 has been formally deprecated by:

  • NIST: Disallowed for government use since 2010
  • Microsoft: Stopped accepting SHA-1 certificates in 2017
  • Google: Chrome marks SHA-1 certificates as insecure
  • Mozilla: Firefox rejects SHA-1 certificates
  • Git: Working on SHA-256 migration

Migration Path

If you're still using SHA-1, migrate to SHA-256 or SHA-512:

  • Update SSL/TLS certificates
  • Migrate code signing to SHA-256
  • Update document signing workflows
  • Replace file integrity systems

Try SHA-1 in Action

While deprecated for security use, SHA-1 is still useful for understanding hash functions or checking legacy file hashes.

Try SHA-1 Calculator

Key Takeaways

  • SHA-1 is deprecated and should not be used for new applications
  • Practical collision attacks demonstrated since 2017
  • Migrate to SHA-256 or SHA-512 for all security applications
💡 Have any idea?