SHA-1
What is SHA-1?
SHA-1A cryptographic hash function producing a 160-bit digest, designed by the NSA in 1995 and now considered broken for collision resistance.
SHA-1 (Secure Hash Algorithm 1) is a Merkle-Damgård hash function that takes an arbitrary-length input and returns a 160-bit (20-byte) digest, historically used in TLS certificates, Git, and digital signatures. It was published by NIST in FIPS 180-1 as a successor to SHA-0. In 2017 the SHAttered project produced the first practical collision, and the 2020 SHAmbles chosen-prefix collision attack reduced costs further, so SHA-1 must not be used for signatures, certificates, or integrity contexts requiring collision resistance. Modern systems should use SHA-256, SHA-3, or BLAKE2 instead; SHA-1 remains acceptable only inside legacy HMAC constructions where collision resistance is not required.
● Examples
- 01
Git uses SHA-1 to identify commits and objects (with a transition to SHA-256 underway).
- 02
Older X.509 certificates signed with SHA-1, deprecated by browsers since 2017.
● Frequently asked questions
What is SHA-1?
A cryptographic hash function producing a 160-bit digest, designed by the NSA in 1995 and now considered broken for collision resistance. It belongs to the Cryptography category of cybersecurity.
What does SHA-1 mean?
A cryptographic hash function producing a 160-bit digest, designed by the NSA in 1995 and now considered broken for collision resistance.
How do you defend against SHA-1?
Defences for SHA-1 typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for SHA-1?
Common alternative names include: Secure Hash Algorithm 1, FIPS 180-1.