LLMpedia: The first transparent, open encyclopedia generated by LLMs

SHA-1

Generated by GPT-5-mini
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
Article Genealogy
Parent: Linus Torvalds (Hop 3)
Expansion funnel: Raw 83 → Dedup 11 → NER 10 → Enqueued 9 (rejected 1: not a named entity)
SHA-1
Name: SHA-1
Designers: National Security Agency (design), NIST (standardization)
Published: 1995 (FIPS PUB 180-1)
Derived from: SHA-0
Digest size: 160 bits
Block size: 512 bits
Rounds: 80

SHA-1 (Secure Hash Algorithm 1) is a cryptographic hash function that maps an input of arbitrary length to a 160-bit (20-byte) digest. It was used for two decades for integrity checking and authentication in Internet protocols and file formats, appearing in IETF standards, ISO/IEC standards, NIST FIPS publications, OpenSSL, and Microsoft products. Its collision weaknesses prompted cryptanalysis and deprecation work by RSA Security, Google, CWI Amsterdam, and NIST.

Overview

SHA-1 was designed by the National Security Agency and standardized by NIST in FIPS PUB 180-1 (1995). It was deployed in products from Microsoft, Apple Inc., Oracle Corporation, and IBM and in Linux distributions, and it replaced MD5 in many contexts. NIST later published the SHA-2 family (FIPS 180-2) as its successor and ran the public SHA-3 competition, won by Keccak and standardized as FIPS 202. Cryptanalytic results from institutions including CWI Amsterdam, École Normale Supérieure, the University of California, San Diego, and École Polytechnique drove the deprecation timelines set by the IETF, the W3C, and browser vendors.

Algorithm and Operation

SHA-1 processes a message in 512-bit blocks over a 160-bit internal state of five 32-bit words (a, b, c, d, e), using a compression function built only from bitwise Boolean operations, 32-bit rotations, and addition modulo 2^32; the design follows the MD4/MD5 lineage of Ron Rivest and RSA Security. Before hashing, the message is padded Merkle–Damgård style: a single 1 bit, then zeros until the length is 448 bits mod 512, then the original bit length as a 64-bit big-endian integer. Each block's sixteen 32-bit words are expanded into an 80-word message schedule, W[t] = ROTL1(W[t-3] XOR W[t-8] XOR W[t-14] XOR W[t-16]) for t = 16..79; that one-bit rotation is the only difference between SHA-1 and SHA-0. The 80 rounds use four Boolean functions in groups of twenty (Ch, Parity, Maj, Parity) and four constants K (0x5A827999, 0x6ED9EBA1, 0x8F1BBCDC, 0xCA62C1D6, which are 2^30 times the square roots of 2, 3, 5 and 10, truncated); the round update is TEMP = ROTL5(a) + f(b, c, d) + e + K[t] + W[t], then e = d, d = c, c = ROTL30(b), b = a, a = TEMP, and after the last round the five words are added to the chaining value. The constants and initial values were fixed by NSA and published by NIST in the FIPS 180 series. Because SHA-1 is an iterated Merkle–Damgård construction (a structure studied at Stanford University, MIT, ETH Zurich, and Princeton University), the digest is simply the final chaining state, so anyone who knows H(m) and len(m) can compute H(m || pad || s) for a chosen suffix s without knowing m; raw SHA-1(key || message) is therefore not a safe MAC, and keyed uses belong in HMAC-SHA-1. Implementation choices (loop unrolling, vector units, dedicated hash instructions) determine throughput on Intel x86, ARM, and MIPS processors.
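The following is an added example, not code from the page, from FIPS 180, or from any library: a direct Python transcription of the algorithm just described, checked against hashlib. The rotate_schedule switch reproduces SHA-0 (the same function without the schedule rotation), and length_extend demonstrates the Merkle–Damgård length-extension property on a naive SHA-1(secret || message) tag. The function names and the secret and message strings are this example's own constructions.

```python
"""SHA-1 from the FIPS 180-1 description: padding, 80-word schedule, 80 rounds.
Added example. Also exposes the SHA-0 variant (no schedule rotation) and the
Merkle-Damgard length-extension property. Function names (sha1, sha0,
length_extend) are this example's own, not a library API."""
import hashlib
import struct

MASK32 = 0xFFFFFFFF
IV = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0)
# Round constants: floor(2**30 * sqrt(n)) for n = 2, 3, 5, 10, one per 20-round group.
K = (0x5A827999, 0x6ED9EBA1, 0x8F1BBCDC, 0xCA62C1D6)


def rotl(x, n):
    """32-bit left rotation."""
    return ((x << n) | (x >> (32 - n))) & MASK32


def pad(message_len):
    """Merkle-Damgard padding for a message of message_len bytes: a 0x80 byte,
    zeros up to 56 mod 64, then the bit length as a 64-bit big-endian integer."""
    zeros = (55 - message_len) % 64
    return b"\x80" + b"\x00" * zeros + struct.pack(">Q", message_len * 8)


def compress(state, block, rotate_schedule=True):
    """One 512-bit block: expand 16 words to 80, run 80 rounds, add to chaining value.
    rotate_schedule=False gives SHA-0, which differs from SHA-1 only in that rotation."""
    w = list(struct.unpack(">16I", block))
    for t in range(16, 80):
        x = w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16]
        w.append(rotl(x, 1) if rotate_schedule else x)
    a, b, c, d, e = state
    for t in range(80):
        if t < 20:
            f = (b & c) | (~b & d)              # Ch
        elif t < 40:
            f = b ^ c ^ d                       # Parity
        elif t < 60:
            f = (b & c) | (b & d) | (c & d)     # Maj
        else:
            f = b ^ c ^ d                       # Parity
        tmp = (rotl(a, 5) + (f & MASK32) + e + K[t // 20] + w[t]) & MASK32
        a, b, c, d, e = tmp, a, rotl(b, 30), c, d
    return tuple((s + v) & MASK32 for s, v in zip(state, (a, b, c, d, e)))


def digest(message, state=IV, rotate_schedule=True, padded_len=None):
    """Hash `message` starting from `state`. `padded_len` overrides the length
    written into the padding; the length-extension forgery below relies on it."""
    if padded_len is None:
        padded_len = len(message)
    data = message + pad(padded_len)
    for off in range(0, len(data), 64):
        state = compress(state, data[off:off + 64], rotate_schedule)
    return struct.pack(">5I", *state)


def sha1(message):
    return digest(message)


def sha0(message):
    return digest(message, rotate_schedule=False)


def length_extend(known_digest, known_len, suffix):
    """Given SHA-1(secret || msg) and len(secret || msg), but not the secret, return
    (glue, forged) with forged == SHA-1(secret || msg || glue || suffix).
    Works because the digest is the raw chaining state after the padded block."""
    glue = pad(known_len)
    state = struct.unpack(">5I", known_digest)
    total = known_len + len(glue) + len(suffix)
    return glue, digest(suffix, state=state, padded_len=total)


if __name__ == "__main__":
    for m in (b"", b"abc", b"a" * 200):
        assert sha1(m) == hashlib.sha1(m).digest()
    # Constructed demo of the Merkle-Damgard weakness: a naive MAC = SHA-1(secret || msg).
    secret, msg = b"constructed-secret-key", b"user=alice&role=user"
    tag = sha1(secret + msg)
    glue, forged = length_extend(tag, len(secret) + len(msg), b"&role=admin")
    assert forged == sha1(secret + msg + glue + b"&role=admin")
    print("sha1(abc) =", sha1(b"abc").hex())
    print("forged tag valid for:", msg + glue + b"&role=admin")
```

The forgery needs only the tag and the length of the secret-plus-message, never the secret; the glue bytes are the padding the verifier itself would have inserted. HMAC wraps the hash in a second keyed invocation, which is why HMAC-SHA-1 is immune to this trick even though raw SHA-1 prefix MACs are not. For anything other than study, use hashlib, which is orders of magnitude faster.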

Security Analysis and Vulnerabilities

Differential cryptanalysis by Xiaoyun Wang, Yiqun Lisa Yin, and Hongbo Yu (Shandong University, 2005) gave the first SHA-1 collision attack faster than the 2^80 birthday bound, and later work by Marc Stevens and colleagues at CWI Amsterdam, together with researchers at Google, Fudan University, and Microsoft Research, brought the cost down further. The first practical collision, SHAttered, was announced by Google and CWI Amsterdam in February 2017: two distinct PDF files with the same SHA-1 digest, found at a cost of roughly 2^63 SHA-1 compressions. A chosen-prefix collision, in which the attacker controls both colliding prefixes, followed in 2020 (Leurent and Peyrin). These results validated earlier advisories from NIST, deprecation notices from IETF working groups (RFC 6194 summarizes the security status of SHA-0 and SHA-1), and migration guidance from US-CERT and ENISA. Further structural analysis, including work at École Polytechnique, Zhejiang University, and Tsinghua University, led Mozilla Foundation, Apple Inc., Google, and Microsoft to remove or restrict SHA-1 in TLS, X.509 certificates, and code-signing workflows. Two caveats matter in practice: the published attacks are collision attacks, not preimage attacks, so producing a second input for an existing SHA-1 digest is still infeasible and HMAC-SHA-1 is not broken by them; but any use in which an attacker can influence both colliding inputs (certificates, signed documents, version-control objects) must treat SHA-1 as broken.

Implementations and Performance

SHA-1 is implemented in OpenSSL, LibreSSL, BoringSSL, and GnuTLS, in the Microsoft and Apple platform cryptography libraries, and in hardware from Intel and ARM. The fastest implementations use dedicated instructions rather than the generic SIMD path: the Intel SHA Extensions (SHA1RNDS4, SHA1NEXTE, SHA1MSG1, SHA1MSG2), also implemented on AMD cores, and the ARMv8 Cryptography Extensions (SHA1C, SHA1P, SHA1M, SHA1H, SHA1SU0, SHA1SU1). These are separate from AES-NI, which accelerates only AES. Embedded implementations appear in network equipment from Cisco Systems, Juniper Networks, and Netgear. Because SHA-1 uses no data-dependent branches or table lookups, a straightforward implementation runs in time independent of the message content; the remaining side-channel concern is power or electromagnetic leakage of keyed state when HMAC-SHA-1 runs on smartcards and payment hardware (Visa, Mastercard, EMVCo), which, along with formally verified implementations, has been studied at Cornell University, University of Cambridge, École Normale Supérieure, and University of Waterloo.

Applications and Deprecation

SHA-1 was used in TLS and SSL (handshake PRFs and certificate signatures), SSH, IPsec, PGP, Git, Subversion, X.509 certificates, S/MIME, PDF signing, and archival formats adopted by NASA, the Library of Congress, and the European Commission. Deprecation was policy-driven and began before the practical break: NIST disallowed SHA-1 for digital signature generation after 2013 (SP 800-131A), the CA/Browser Forum's Baseline Requirements barred public CAs from issuing SHA-1 certificates from 1 January 2016, and the Mozilla Foundation, Google, Apple Inc., and Microsoft browsers stopped trusting SHA-1 TLS certificates in early 2017. The major cloud providers (Google Cloud, Amazon Web Services, Microsoft Azure) and Let's Encrypt issue only SHA-2 certificates, the Internet Society promoted the migration, and NIST has announced that SHA-1 is to be retired from all U.S. government use by the end of 2030. Migration paths recommend SHA-2 (SHA-256 or stronger) or SHA-3. Git is the notable holdout: object IDs are still SHA-1 by default, mitigated since Git 2.13 by a collision-detecting SHA-1 implementation (sha1dc) that rejects inputs showing SHAttered-style disturbance patterns, with an optional SHA-256 object format as the long-term replacement.
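As an added example (not from the page and not Git's own source), here is how Git derives an object ID from SHA-1, which is why SHA-1 collisions matter to version control: the hash covers a type-and-length header plus the raw content, and integrity checking is simply recomputation. The SHA-256 path follows Git's hash-function transition format, which keeps the same header and swaps the hash. All inputs are constructed; the expected SHA-1 IDs are the ones git hash-object produces for the same bytes.

```python
"""Git object IDs from SHA-1 (added example, not Git source code)."""
import hashlib
import hmac


def git_object_id(obj_type, content, algo="sha1"):
    """Return the hex ID Git assigns to `content` stored as `obj_type`
    ("blob", "tree", "commit" or "tag"). Git hashes the header
    "<type> <decimal size>\\0" followed by the bytes, so the ID commits to
    the type and length as well as the content. algo="sha256" mirrors
    Git's SHA-256 object format, which keeps the same header layout."""
    header = "{} {}\0".format(obj_type, len(content)).encode("ascii")
    h = hashlib.new(algo)
    h.update(header)
    h.update(content)
    return h.hexdigest()


def git_blob_id(content, algo="sha1"):
    return git_object_id("blob", content, algo)


def verify_object(expected_id, obj_type, content):
    """Git's integrity check: an object is valid iff its bytes re-hash to its name.
    The hash algorithm is inferred from the ID length (40 hex = SHA-1, 64 = SHA-256).
    A collision attacker wins exactly when two different contents pass this check."""
    algo = {40: "sha1", 64: "sha256"}[len(expected_id)]
    actual = git_object_id(obj_type, content, algo)
    return hmac.compare_digest(actual, expected_id)


if __name__ == "__main__":
    # Constructed inputs; these SHA-1 IDs match `git hash-object --stdin`.
    print(git_blob_id(b""))          # e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
    print(git_blob_id(b"hello\n"))   # ce013625030ba8dba906f756967f9e9ca394464a
    print(git_blob_id(b"hello\n", "sha256"))
    print(verify_object("ce013625030ba8dba906f756967f9e9ca394464a", "blob", b"hello\n"))
    print(verify_object("ce013625030ba8dba906f756967f9e9ca394464a", "blob", b"hello!\n"))
```

Because the length is part of the hashed header, two colliding files would also have to agree in size to collide as Git blobs, and because Git's SHA-1 state after the header differs from the prefix state the SHAttered attack was built for, the published PDFs do not collide as Git objects; Git's sha1dc check exists for the attacks that would be built against a Git-specific prefix.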

Historical Development

SHA-1 descends from Ron Rivest's MD4 and MD5 designs. NIST's original Secure Hash Algorithm, now called SHA-0, appeared in FIPS PUB 180 in 1993; it was withdrawn and replaced by SHA-1 in FIPS PUB 180-1 in 1995 after the NSA reported an unpublished weakness, the only change being the one-bit rotation added to the message schedule. Chabaud and Joux published an attack on SHA-0 in 1998, Wang, Yin, and Yu the first SHA-1 collision attack in 2005, Google and CWI Amsterdam the first real collision in 2017, and Leurent and Peyrin a chosen-prefix collision in 2020. Academic groups at CWI Amsterdam, École Polytechnique, Columbia University, and the University of California, Santa Barbara, together with policy responses from NIST and transitions by Microsoft, Apple Inc., Google, and Mozilla Foundation, shaped that timeline.

Category:Cryptographic hash functions