NIST Calls Time on SHA-1, Sets 2030 Deadline
upstart writes:
NIST calls time on SHA-1, sets 2030 deadline:
The US National Institute of Standards and Technology (NIST) says it's time to retire Secure Hash Algorithm-1 (SHA-1), a 27-year-old weak algorithm used in security applications.
"We recommend that anyone relying on SHA-1 for security migrate to SHA-2 or SHA-3 as soon as possible," said NIST computer scientist Chris Celi, in a canned statement on Thursday.
As soon as possible isn't necessarily all that soon: NIST says you should be rid of SHA-1 from your software and systems by December 31, 2030. Meanwhile, the tech industry has largely moved on already.
[...] Despite its known weakness, SHA-1 has shown up in recent years propping up legacy applications and providing shoddy password storage. Microsoft finally got around to dropping SHA-1 from the Windows update process in August 2020.
[...] Celi explains that modules still using SHA-1 after 2030 will be ineligible for purchase by the federal government. Having eight years to submit an update may seem like more than enough time, but Celi warns there may be a backlog of submissions as the deadline nears. Developers wishing to avoid a potential validation delay should submit revised code sooner rather than later.
Read more of this story at SoylentNews.