Security Blog

SHA-1 bye, bye?

“No legacy is so rich as honesty” (William Shakespeare)

In the August Assessor newsletter, the PCI Security Standard Council emphasized what NIST already emphasized back in January 2015: SHA-1 is not strong cryptography anymore.

The latest revision of NIST SP800-131A, Revision 1 dated July 2015 has put SHA-1 in the grave when it comes to digital signature generation.

Do not worry though; you can still use it for legacy purposes in the following cases:

  • SHA-1 for digital signature generation: SHA-1 may be used for digital signature generation in the Transport Layer Security (TLS) handshake (see [SP 800-52] for more information). For all other applications, SHA-1 shall not be used for digital signature generation.
  • SHA-1 for digital signature verification: For digital signature verification, SHA-1 is allowed for legacy-use.
  • SHA-1 for non-digital signature applications: For all other hash function applications, the use of SHA-1 is acceptable. The other applications include HMAC, Key Derivation Functions (KDFs), Random Bit Generation, and hash-only applications (e.g., hashing passwords and using SHA-1 to compute a checksum).

And here is a nice table that sums up what is expressed above (full document here):


  • 24 Solutions AB
  • Smedjegatan 2C
  • SE-13154 Nacka, Sweden
  • +46 (0)8 535 24 100