What is SHA-1?
SHA-1 is one of the cryptographic hash functions used for applications like authentication and digital signatures. It was designed by the U.S. National Security Agency (NSA) and standardized in 1995 by the National Institute of Standards and Technology (NIST) as FIPS PUB 180-4.
A hash function is a function that generates a numerical value (hash value) representing given data. Hash functions with cryptographic properties suitable for security applications are called cryptographic hash functions. The value generated by cryptographic hash functions is known as the message digest. When exchanging messages, both the sender and receiver create message digests based on the original data and compare them to detect potential tampering during transmission.
SHA stands for Secure Hash Algorithm, and there are four versions available: SHA-0, SHA-1, SHA-2, and SHA-3. SHA-1, released in 1993 as a successor to address issues identified in SHA-0, has been widely adopted by numerous applications and protocols utilizing encryption. Examples include IPsec, SSL/TLS, SSH, and S/MIME. Later versions, SHA-2 and SHA-3, were released in 2001 and 2015, respectively.
While SHA-1 was widely used, an attack method discovered in 2005 revealed its insufficient security. The U.S. government issued a recommendation to discontinue the use of SHA-1 in related systems by the end of 2013. In the web browser space, Microsoft announced in June 2016 that it would display warnings for SSL server certificates using SHA-1, and Google stated that it would show errors for SHA-1 server certificates issued after January 1, 2016. Websites still using SHA-1 SSL server certificates are encouraged to migrate to SHA-2 immediately.