RIP SHA-1: When developers pull out support, the hashing algorithm approaches death


Citing longstanding security concerns, two open-source Secure Shell implementations are dropping support for Secure Hash Algorithm 1 (SHA-1), a function that has been used for the past 20 years to verify the integrity of software, digital signatures, and other data.

Ars Technica reports that the OpenSSH and libssh projects announced this week that SHA-1 is being dropped from the digital signatures used to authenticate keys: the ssh-rsa signature algorithm, which signs with RSA over a SHA-1 digest, will no longer be usable by default.

The announcement came in the form of release notes and code updates published by OpenSSH and libssh, confirming the end of SHA-1 in two of the most widely deployed SSH implementations.

SHA-1 is a cryptographic hash function published in 1995. It takes a message, file, or any other input and produces a fixed-size 160-bit "digest" (written as 40 hexadecimal characters) that serves as a fingerprint of that input.

In principle, every distinct input yields a distinct SHA-1 digest. For example, the input "password" produces the digest 5BAA61E4C9B93F3F0682250B6CF8331B7EE68FD8,

while the input "Password", with a capital P, produces the completely different digest 8BE3C943B1609FFFBFC51AAD666D0A04ADF83C9D.

While SHA-1 has served a great many systems well, researchers have shown how its weaknesses can be exploited to forge digital signatures.

In 2005, researchers showed that, with enough computing power, it is possible to find two different inputs that yield the same SHA-1 output, known as a collision. Because a signature is computed over the digest rather than over the data itself, a collision lets a sufficiently well-resourced attacker present one input under a signature that was made on the other.

This year has effectively sealed SHA-1's fate: in January, researchers published a new collision attack with an estimated cost of only $45,000.

This is a "chosen-prefix" collision, which is far more serious than earlier results because the attacker no longer has to accept whatever two random-looking inputs the attack happens to produce: they can start from two prefixes of their own choosing (two different documents, say, or two different keys) and compute suffixes that make both hash to the same SHA-1 value. An attacker can use this to have an altered document or piece of software accepted by a SHA-1-based integrity or signature check that was performed on a different one.

In its explanation for dropping SHA-1, OpenSSH cites this research: "It is now possible to perform a chosen-prefix attack against the SHA-1 algorithm for less than US$50,000. For this reason, we plan to disable the 'ssh-rsa' public key signature algorithm by default in a near future release."

OpenSSH further noted that better alternatives exist, including the RSA/SHA-2 signature algorithms rsa-sha2-256 and rsa-sha2-512 from RFC 8332. These have the advantage of using the same key type as "ssh-rsa", so existing RSA keys need not be regenerated, but they sign over the SHA-2 hash family instead. They have been supported since OpenSSH 7.2 and are already negotiated by default when both client and server support them; the practical caveat is that a peer which does not implement RFC 8332 (OpenSSH older than 7.2, or other software) will lose RSA authentication once ssh-rsa is disabled.
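As an added, practitioner-oriented example (written for this page, not code from OpenSSH or the article), the following script audits a running sshd for the SHA-1-based signature algorithms discussed above and prints the sshd_config directives that would remove them. It assumes the input has the format of `sshd -T` output (a lowercased keyword, a space, then a comma-separated value); the sample text is constructed, not captured from a real host, and the keyword list is an assumption covering the spelling used before and after OpenSSH 8.5 renamed PubkeyAcceptedKeyTypes to PubkeyAcceptedAlgorithms.

```python
"""Added example, not part of the article or of OpenSSH: flag SHA-1 signature
algorithms in `sshd -T` output and suggest the directives that drop them.
The sample output below is constructed."""
import sys

# Signature algorithms that are RSA over a SHA-1 digest: RFC 4253 "ssh-rsa" and
# its OpenSSH certificate form. rsa-sha2-256/512 (RFC 8332) use the same RSA key
# type with SHA-2 and are the replacements OpenSSH names in its release notes.
SHA1_SIG_ALGS = {"ssh-rsa", "ssh-rsa-cert-v01@openssh.com"}

# sshd keywords whose values are signature-algorithm lists (assumed set; the
# pubkey keyword was renamed in OpenSSH 8.5, so both spellings are checked).
SIG_KEYWORDS = (
    "hostkeyalgorithms",
    "pubkeyacceptedalgorithms",   # OpenSSH 8.5 and later
    "pubkeyacceptedkeytypes",     # older spelling
    "casignaturealgorithms",
)

# Constructed stand-in for `sshd -T` output on a host that still offers ssh-rsa.
SAMPLE_SSHD_T = """\
port 22
hostkeyalgorithms ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
pubkeyacceptedalgorithms ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
casignaturealgorithms ssh-ed25519,rsa-sha2-512,rsa-sha2-256
"""


def parse_sshd_t(text):
    """Map each keyword in `sshd -T` output to its effective value."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        cfg[key.lower()] = value.strip()
    return cfg


def find_sha1_signature_algs(cfg):
    """Keyword -> list of SHA-1 signature algorithms still enabled under it."""
    findings = {}
    for key in SIG_KEYWORDS:
        if key not in cfg:
            continue
        algs = [a.strip() for a in cfg[key].split(",")]
        flagged = [a for a in algs if a in SHA1_SIG_ALGS]
        if flagged:
            findings[key] = flagged
    return findings


def hardened_value(value):
    """The same list minus the SHA-1 algorithms. Existing RSA keys keep working
    through rsa-sha2-256/512; only peers without RFC 8332 support (OpenSSH
    before 7.2, or other software) would lose RSA authentication."""
    return ",".join(a.strip() for a in value.split(",") if a.strip() not in SHA1_SIG_ALGS)


def recommended_directives(cfg):
    """sshd_config lines that drop the flagged algorithms, spelled with the
    keyword the running sshd itself reported (keywords are case-insensitive)."""
    flagged = find_sha1_signature_algs(cfg)
    return [f"{key} {hardened_value(cfg[key])}" for key in SIG_KEYWORDS if key in flagged]


if __name__ == "__main__":
    # Real use (root is needed for sshd to read its host keys):
    #   sshd -T | python3 audit_sha1.py
    text = SAMPLE_SSHD_T if sys.stdin.isatty() else sys.stdin.read()
    cfg = parse_sshd_t(text)
    for key, algs in find_sha1_signature_algs(cfg).items():
        print(f"{key}: still offers {', '.join(algs)} (SHA-1 signatures)")
    for directive in recommended_directives(cfg):
        print("suggested sshd_config line:", directive)
```

To confirm the result from the outside, a client that still supports ssh-rsa can be forced to offer only that algorithm with `ssh -o HostKeyAlgorithms=ssh-rsa -o PubkeyAcceptedAlgorithms=ssh-rsa user@host` (use `PubkeyAcceptedKeyTypes` on clients older than 8.5); a server that has dropped SHA-1 refuses the connection with a "no matching host key type found" error instead of authenticating.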
