Friday, December 16, 2022

NIST Transitioning Away from SHA-1 for All Applications

 NIST is introducing a plan to transition away from the current limited use of the Secure Hash Algorithm 1 (SHA-1) hash function. Other approved hash functions are already available. The transition will be completed by December 31, 2030, and NIST will engage with stakeholders throughout the transition process. See the full announcement for more details.

Before December 31, 2030, NIST plans to:

  • Publish Federal Information Processing Standard (FIPS) 180-5 (a revision of FIPS 180) to remove the SHA-1 specification,
  • Revise NIST Special Publication (SP) 800-131A and other affected NIST publications to reflect the planned withdrawal of SHA-1, and
  • Create and publish a transition strategy for the Cryptographic Module Validation Program (CMVP) and the Cryptographic Algorithm Validation Program (CAVP).

Throughout this process, NIST will actively engage with government agencies, validation testing laboratories, vendors, Standards Developing Organizations, sector/industry organizations, users, and other stakeholders to minimize potential impacts and facilitate a smooth transition.

NIST encourages these entities to begin planning for this transition now. By completing their transition before December 31, 2030, stakeholders – particularly cryptographic module vendors – can help minimize potential delays in the validation process.

Contact

Send questions about the transition in an email to sha-1-transition@nist.gov. Visit the Policy on Hash Functions page on CSRC to learn more.

Read More