(ISC)2 Certified in Cybersecurity Practice Exam

SHA-1 is considered to be deprecated primarily due to its vulnerabilities to collision attacks. A hash function is deemed secure only if it is computationally infeasible to find two different inputs that produce the same hash output (a collision). Over the years, as computational power has increased, researchers have demonstrated that it is indeed possible to generate collisions with SHA-1 much more easily than originally anticipated.

Organizations and standards bodies, including NIST (National Institute of Standards and Technology), have recommended moving away from SHA-1 to more secure alternatives, such as SHA-2 or SHA-3, which offer improved security features and resistance to such attacks. This transition is crucial for ensuring that cryptographic signatures and other security mechanisms remain reliable.

In contrast, SHA-2 is still actively recommended for various security applications due to its enhanced robustness. RIPEMD, while less common, is not widely declared deprecated but has not been as prominent as SHA-2. HMAC (Hash-based Message Authentication Code) is not a hash function by itself, but rather a construction for creating a message authentication code based on a cryptographic hash function, and remains in active use with secure hash functions.