No More SHA1 Function in PHP
Due to vulnerabilities, it is not advisable to continue using this old-time cryptographic hash function.
tl;dr NIST just retired the popular sha1 function! — source
Security experts at the National Institute of Standards and Technology (NIST) have declared that the SHA-1 algorithm has reached the end of its life.
“Secure Hash Algorithm” (abbr. SHA) was one of the first widely used methods of protecting electronic information.
NIST is now suggesting that IT professionals transition to newer, more secure algorithms in the rare cases where SHA-1 is still in use.
According to NIST:
attacks on SHA-1 in other applications have become increasingly severe (…)
Recent collision attacks have demonstrated that modern computers can create fraudulent messages that produce the same hash as the original, potentially compromising the authenticity of the message.
NIST has previously stated that federal agencies in USA should stop using SHA-1 in cases where collision attacks pose a significant threat, such as for digital signature creation.