A cryptographic hash function which takes an input and produces a 160-bit (20-byte) hash value known as a message digest — typically rendered as a hexadecimal number, 40 digits long.
A cryptographic hash function(sometimes called ‘digest’) is a kind of ‘signature’ for a text or a data file which generates an almost-unique 256-bit (32-byte) signature for a text.
Which one to use?
Cryptology Group at Centrum Wiskunde & Informatica (CWI) — the national research institute for mathematics and computer science in the Netherlands — and the Google Research Security, Privacy and Anti-abuse Group has proved that SHA-1 is broken.
They proved that it is practically possible to craft two colliding PDF files and obtain a SHA-1 digital signature on the first PDF file which can also be abused as a valid signature on the second PDF file.
Today, many applications still rely on SHA-1, even though theoretical attacks have been known since 2005, and SHA-1 was officially deprecated by NIST( National Institute of Standards and Technology) in 2011. We hope our practical attack on SHA-1 will increase awareness and convince the industry to quickly move to safer alteratives, such as SHA-256.
You can use our file tester above to check your files. If you use Chrome, you will be automatically protected from insecure TLS/SSL certificates, and Firefox has this feature planned for early 2017 has quickly reacted to this announcement, and deprecated SHA-1 as of February 24th, 2017.
Starting from version 56, released in January 2017, Chrome will consider any website protected with a SHA-1 certificate as insecure. Firefox has this feature planned for early 2017 has deprecated SHA-1 as of February 24th, 2017.