Secure Hash Algorithm 3, SHA-3

The SHA-3 standard was released by NIST on 5th August 2015. SHA-3 uses the Keccak cryptographic hash designed by Guido Bertoni, Joan Daemen, Michaël Peeters and Gilles Van Assche. SHA-3 was developed as a backup to SHA-2, rather than a replacement, in case any unexpected security weaknesses are found in SHA-2.

SHA-1 is no longer considered secure. Marc Stevens, Pierre Karpman and Thomas Peyrin used the Amazon-powered 64-GPU cluster, dubbed The Kraken, to run freestart collision targeting of the SHA-1 internal compression function. Their process, The SHAppening, took just 10 days to break SHA-1.

Google has announced that the Chrome web browser will warn users if a site is signed with an SHA-1 certificate, and Chrome will stop supporting SHA-1 certificates by 2017. Microsoft is following the same approach for Internet Explorer. However Facebook and Cloudflare are advocating a more graceful retirement so that browsers that are unable to upgrade to SHA-2 will continue to work.