Ask HN: Can we still trust SHA-1 and SHA-2 created by NSA?

Yes (at least, as much as we could before; SHA1 in particular has been showing weaknesses). They are still the hash functions that have had the most attention from the academic community, and so far no workable attacks have been found.

SHA-1 should be assumed to be broken in any case.<p>The Flame malware was distributed using a fake certificate that was generated via a brand new (publicly unknown) chosen prefix collision technique against SHA-1.

These aren&#x27;t closed algorithms. They are well understood and explored in-depth by the academic community.

Yes, but you shouldn&#x27;t anyways; SHA-2 is inferior to SHA-3.<p>SHA-3 is the product of a peer-reviewed cryptographic contest.

Why not use Keccak&#x2F;SHA-3 instead, it was developed in an open competition run by NIST with some NSA involvement.<p><a href="http:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;SHA-3" rel="nofollow">http:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;SHA-3</a>

BCrypt is superior to the SHA family of hash algorithms.<p>That should be reason enough not to use SHA.

As much as you could trust them 5 days ago.<p>While SHA-1 should not be trusted too much because it has shown possible theoretical attacks SHA-2 still holds. Also these kind of things are IP - there are a lot of eyeballs and scrutiny going on.<p>There is much bigger chance of fraked up implementation that will make it insecure than the theory - there are a lot of independent researchers that have scrutinized them quite a bit. And while I am sure NSA employs a lot of very capable people they do not hold monopoly on world class cryptographers.