NIST is introducing a plan to transition away from the current
limited use of the Secure Hash Algorithm 1 (SHA-1) hash function. Other
approved hash functions are already available. The transition will be completed
by December 31, 2030, and NIST will engage with stakeholders throughout the
transition process. See the full
announcement for more details.
Before December 31, 2030, NIST plans to:
- Publish Federal Information
Processing Standard (FIPS) 180-5 (a revision of FIPS 180) to remove the
SHA-1 specification, - Revise NIST Special
Publication (SP) 800-131A and other affected NIST publications
to reflect the planned withdrawal of SHA-1, and - Create and publish a transition
strategy for the Cryptographic Module Validation Program (CMVP) and the
Cryptographic Algorithm Validation Program (CAVP).
Throughout this process, NIST will actively engage with government
agencies, validation testing laboratories, vendors, Standards Developing
Organizations, sector/industry organizations, users, and other stakeholders to
minimize potential impacts and facilitate a smooth transition.
NIST encourages these entities to begin planning for this
transition now. By completing their transition before
December 31, 2030, stakeholders – particularly cryptographic module vendors –
can help minimize potential delays in the validation process.
Contact
Send questions about the transition in an email to sha-1-transition@nist.gov. Visit the Policy on Hash
Functions page on CSRC to learn more.