Today we mourn the passing of a beloved old friend, SHA-1, who has been with us for many years. He was born as SHA to his parents NSA and NIST in 1993. A dire birth defect foreshadowed only short time to live. But thanks to a daring surgery switching the direction of one shift operation his health was drastically improved and SHA was reborn as SHA-1.
Today, together with his siblings he taught us such valuable lessons as:
- Error detection is easy if done right
- Small changes can have large effects
- Fast is not always good
- And to always hash passwords in storage.
SHA-1 lived by simple, sound cryptographic policies (Shift, XOR, Combine, Repeat) and reliable strategies (And round, and round, and round).
His health began to deteriorate rapidly when well-intentioned but overbearing cryptographers attacked.
Reports of collision attacks in 2^^69 and later 2^^63 operations as well as further advances making up to 25% of the message irrelevant only worsened his condition in 2005.
SHA-1 lost further ground when security researchers doing their job announced a free start collision in 2015. Estimates for SHA-1’s remaining live span were diminishing rapidly promising only months to a few years left.
SHA-1 lost the will to live as people lost faith in its strength to protect their signatures.
SHA-1 took a beating when browsers finally began to bully it in 2016 by ignoring its signatures.
SHA-1 finally gave up the will to live, after researchers fabricated colour-schemed PDF documents just to make a point. They shattered the IT world, and promptly became even more famous.
SHA-1 was preceded in death,
- by his nephews, MD4 and MD5,
- by his wife, RIPEMD,
- by his aunt, Snefru,
- by his uncle, HAVAL.
He is survived by his 5 stepbrothers;
Not many attended his funeral because so few realized he was already gone. If you still remember him, pass this on. If not, join the majority and do nothing.
May people have mercy with its legacy and finally set SHA-1 to rest in peace.