| SHA-1 | |
|---|---|
| Name | SHA-1 |
| Designers | National Security Agency |
| Publish date | 1995 |
| Series | SHA-0, SHA-2, SHA-3 |
| Digest sizes | 160 bits |
| Structure | Merkle–Damgård construction |
| Rounds | 80 |
SHA-1. The Secure Hash Algorithm 1 is a cryptographic hash function designed by the National Security Agency and published by NIST as a Federal Information Processing Standard. It produces a 160-bit hash value, known as a message digest, and was widely adopted for integrity checking and digital signatures. Following significant cryptanalytic breakthroughs, its collision resistance is broken in practice, and it is deprecated for digital signatures, certificates, and any other use in which an attacker can influence the data being hashed.
Developed as part of the U.S. government's Capstone project, it was intended as a secure successor to the earlier SHA-0 algorithm, from which it differs only by a one-bit rotation in the message schedule. The function was standardized in 1995 under FIPS 180-1 and quickly became integral to numerous Internet protocols and security schemes. Its design follows the classic Merkle–Damgård construction, processing input messages in fixed-size blocks to produce a fixed-size output. For well over a decade it was the default hash function in protocols such as TLS, SSH, and IPsec.
The algorithm begins by preprocessing the input message with padding and length encoding, consistent with other Merkle–Damgård-based functions: a single 0x80 byte, zero bytes up to 56 bytes modulo 64, and the message length in bits as a 64-bit big-endian integer. The core compression function takes a 512-bit message block and a 160-bit chaining value (five 32-bit words, initialized to fixed constants) and runs 80 steps, conventionally described as four rounds of 20 steps. The 16 message words are first expanded to 80 schedule words, each new word being the XOR of four earlier words rotated left by one bit. Each step combines a 5-bit rotation of one state word, a round-dependent Boolean function (Ch, Parity, Maj, Parity), a round constant, the current schedule word, and modular addition; the block result is then added into the chaining value. After the final block the chaining value is the digest. Because the digest is the raw internal state, anyone who knows SHA-1(m) and the length of m can continue hashing from it (a length-extension attack), which is why keyed integrity must use HMAC rather than SHA-1(key||m).
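As an added worked example (not code from the original page or from NIST), the following pure-Python SHA-1 implements the padding, message schedule, and four-round compression described above and checks itself against `hashlib`. It exposes the chaining value so the last part can demonstrate the structural consequence of the Merkle–Damgård design: a naive tag computed as SHA-1(key||msg) can be extended by an attacker who knows only the key length, while HMAC-SHA1 cannot. The key, message, and suffix used in the demo are constructed for illustration.

```python
import hashlib
import hmac
import struct

MASK32 = 0xFFFFFFFF
# Initial chaining value H0..H4 from FIPS 180-4, section 5.3.1.
SHA1_IV = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0)


def rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK32


def compress(h, block):
    """One SHA-1 compression: (160-bit chaining value, 512-bit block) -> new chaining value."""
    w = list(struct.unpack(">16I", block))
    for t in range(16, 80):
        # Message schedule. The 1-bit rotation is the only difference from SHA-0.
        w.append(rotl(w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16], 1))
    a, b, c, d, e = h
    for t in range(80):
        if t < 20:    # round 1: Ch
            f, k = (b & c) | (~b & d), 0x5A827999
        elif t < 40:  # round 2: Parity
            f, k = b ^ c ^ d, 0x6ED9EBA1
        elif t < 60:  # round 3: Maj
            f, k = (b & c) | (b & d) | (c & d), 0x8F1BBCDC
        else:         # round 4: Parity
            f, k = b ^ c ^ d, 0xCA62C1D6
        tmp = (rotl(a, 5) + (f & MASK32) + e + k + w[t]) & MASK32
        a, b, c, d, e = tmp, a, rotl(b, 30), c, d
    # Feed-forward: add the block result into the incoming chaining value.
    return tuple((x + y) & MASK32 for x, y in zip(h, (a, b, c, d, e)))


def md_padding(total_len):
    """Merkle-Damgard padding for a message of total_len bytes: a 0x80 byte,
    zero bytes up to 56 mod 64, then the 64-bit big-endian bit length."""
    return b"\x80" + b"\x00" * ((55 - total_len) % 64) + struct.pack(">Q", total_len * 8)


def sha1(data, state=SHA1_IV, already_hashed=0):
    """SHA-1 digest of data. With state/already_hashed, continue from a known chaining
    value as if already_hashed bytes (a multiple of 64) had been processed before data."""
    buf = data + md_padding(already_hashed + len(data))
    h = state
    for i in range(0, len(buf), 64):
        h = compress(h, buf[i:i + 64])
    return struct.pack(">5I", *h)


def matches_hashlib(data):
    """Self-check against the reference implementation in the standard library."""
    return sha1(data) == hashlib.sha1(data).digest()


def length_extend(digest, key_len, msg, suffix):
    """Given digest = SHA1(key || msg) and only the LENGTH of key, forge the digest of
    key || msg || glue || suffix. Returns (forged message without key, forged digest)."""
    glue = md_padding(key_len + len(msg))      # the padding the victim already applied
    state = struct.unpack(">5I", digest)       # the digest is the chaining value itself
    forged = sha1(suffix, state=state, already_hashed=key_len + len(msg) + len(glue))
    return msg + glue + suffix, forged


def demo():
    """Constructed scenario: SHA1(key||msg) is extendable, HMAC-SHA1 is not.
    Returns (naive tag accepts forgery, HMAC tag accepts forgery)."""
    key = b"constructed-secret-key"            # the attacker never sees this
    msg = b"user=alice&role=user"
    suffix = b"&role=admin"

    naive_tag = hashlib.sha1(key + msg).digest()
    forged_msg, forged_tag = length_extend(naive_tag, len(key), msg, suffix)
    naive_accepts = hashlib.sha1(key + forged_msg).digest() == forged_tag

    hmac_tag = hmac.new(key, msg, hashlib.sha1).digest()
    forged_msg2, forged_hmac = length_extend(hmac_tag, len(key), msg, suffix)
    hmac_accepts = hmac.compare_digest(
        hmac.new(key, forged_msg2, hashlib.sha1).digest(), forged_hmac)
    return naive_accepts, hmac_accepts


if __name__ == "__main__":
    for m in (b"", b"abc", b"a" * 55, b"a" * 56, b"a" * 1000):
        assert matches_hashlib(m), "padding or compression bug for %d bytes" % len(m)
    print("naive SHA1(key||msg) accepts forgery: %s, HMAC-SHA1 accepts forgery: %s" % demo())
```

The 55-, 56-, and 64-byte boundaries are where padding implementations usually go wrong, so they are included in the self-check. In a real attack the key length is unknown, but it is small and the attacker simply tries each plausible value until the server accepts a forged tag.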
Cryptanalysis of the closely related SHA-0, by Chabaud and Joux in 1998 and by Biham and Chen in 2004, exposed weaknesses in the shared design, but practical attacks on SHA-1 itself remained out of reach for years. A major breakthrough came in 2005 when Xiaoyun Wang, Yiqun Lisa Yin, and Hongbo Yu described a collision attack with complexity of about 2^69 operations, far below the 2^80 birthday bound. This spurred intensified research, culminating in the 2017 SHAttered project in which Google and CWI Amsterdam published two distinct PDF files with the same SHA-1 digest, found at a cost of roughly 2^63 SHA-1 computations. In 2020 Leurent and Peyrin demonstrated a practical chosen-prefix collision ("SHA-1 is a Shambles"), the variant in which the attacker chooses both colliding prefixes and therefore the one that matters for forging certificates and PGP keys. These attacks fundamentally undermined the collision resistance on which digital signature schemes and certificate authorities depend. No practical preimage attack is known, so verifying the digest of data the attacker could not have chosen, or using HMAC-SHA1, is not directly broken by these results, but such uses should still be migrated.
Despite its vulnerabilities, it saw pervasive implementation in critical infrastructure throughout the late 1990s and 2000s. It was used to sign software updates, including Windows updates until Microsoft moved Windows Update signing to SHA-2 in 2019. The algorithm is the hash inside HMAC-SHA1, long the default integrity algorithm in IPsec and in TLS cipher suites. Its use in Git, where every object identifier is the SHA-1 of the object's header and content, and in OpenPGP, where version 4 key fingerprints are SHA-1 digests, created significant legacy dependencies. Many X.509 certificates issued by VeriSign and other authorities were signed with SHA-1.
Formal deprecation began with NIST, which disallowed SHA-1 for generating digital signatures after 2013 (SP 800-131A) and in December 2022 announced its complete retirement from federal use by the end of 2030. The CA/Browser Forum's Baseline Requirements prohibited certificate authorities from issuing new SHA-1-signed X.509 certificates from 1 January 2016, and Chrome, Firefox, and Microsoft's browsers stopped trusting such certificates during 2017. Migration has largely shifted the industry toward the SHA-2 family, most often SHA-256, with SHA-3 as an alternative. Its continued use in legacy systems, such as older hardware security modules and existing Git repositories, still presents challenges for system administrators: Git has shipped collision-detecting SHA-1 (sha1dc) since version 2.13 and an experimental SHA-256 object format since 2.29, but converting a repository changes every object identifier. A quick check for a certificate is `openssl x509 -in cert.pem -noout -text`, which reports `Signature Algorithm: sha1WithRSAEncryption` for an affected certificate.
Category:Cryptographic hash functions Category:Computer security standards Category:National Security Agency