SHA-1 has not been secure for a very long time, but I still can see it here.
Where in the FIPS documents did it state that SHA-1 is not secure?
Asked
Active
Viewed 5,737 times
1 Answers
9
Much of what NIST publishes about cryptographic algorithms is in Special Publications. In this case it is SP 800-131 (pdf) where they describe transitioning away from old algorithms and key sizes.
Pages 14-15 have the hash function specific information:
SHA-1 for digital signature generation:
SHA-1 may only be used for digital signature generation where specifically allowed by NIST protocol-specific guidance. For all other applications, SHA-1 shall not be used for digital signature generation.
SHA-1 for digital signature verification:
For digital signature verification, SHA-1 is allowed for legacy-use.
SHA-1 for non-digital signature applications:
For all other hash function applications, the use of SHA-1 is acceptable. The other applications include HMAC, Key Derivation Functions (KDFs), Random Bit Generation, and hash-only applications (e.g., hashing passwords and using SHA-1 to compute a checksum, such as the approved integrity technique specified in Section 4.6.1 of [FIPS 140]).
FIPS 140, being the document you linked in the question, points to this document for guidance.
