“No legacy is so rich as honesty” (William Shakespeare)
In the August Assessor newsletter, the PCI Security Standard Council emphasized what NIST already emphasized back in January 2015: SHA-1 is not strong cryptography anymore.
The latest revision of NIST SP800-131A, Revision 1 dated July 2015 has put SHA-1 in the grave when it comes to digital signature generation.
Do not worry though; you can still use it for legacy purposes in the following cases:
- SHA-1 for digital signature generation: SHA-1 may be used for digital signature generation in the Transport Layer Security (TLS) handshake (see [SP 800-52] for more information). For all other applications, SHA-1 shall not be used for digital signature generation.
- SHA-1 for digital signature verification: For digital signature verification, SHA-1 is allowed for legacy-use.
- SHA-1 for non-digital signature applications: For all other hash function applications, the use of SHA-1 is acceptable. The other applications include HMAC, Key Derivation Functions (KDFs), Random Bit Generation, and hash-only applications (e.g., hashing passwords and using SHA-1 to compute a checksum).
And here is a nice table that sums up what is expressed above (full document here):