Feature #17282
Deprecate Digest::SHA1
Status: closed
Description
In light of the widespread deprecation of SHA1 due to the collision risk it poses, should Ruby still expose it without a warning within Digest::SHA1?
FIPS PUB 180-1, which is referenced by the Digest::SHA1 documentation, was withdrawn on August 01, 2002, superseded by FIPS 180-2 (which introduced SHA-256, SHA-384, and SHA-512), and later withdrawn and superseded multiple times until FIPS 180-4, which recommends SHA3.
SHA3 isn't currently supported by the Digest class, although there exist Ruby gem implementations:
References:
- https://mailarchive.ietf.org/arch/msg/openpgp/Rp-inhYKT8A9H5E34iLTrc9I0gc/
- https://csrc.nist.gov/news/2017/research-results-on-sha-1-collisions
- https://csrc.nist.gov/publications/detail/sp/800-131a/rev-1/archive/2015-11-06
- https://csrc.nist.gov/publications/detail/sp/800-131a/rev-2/final
Quoting from NIST's piece on research regarding SHA1 collisions:
NIST deprecated the use of SHA-1 in 2011 and disallowed its use for digital signatures at the end of 2013, based on both the Wang, et. al, attack and the potential for brute-force attack. To ensure that practitioners have secure and efficient hash algorithms to provide long-term security, NIST organized an international competition to select a new hash algorithm standard, SHA-3, which is specified in FIPS 202.
My recommendation would be to print a deprecation warning when Digest::SHA1 is used to alert Ruby users that they should perhaps upgrade to a safer standard. SHA3 should perhaps be supported by Digest as well.
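As an added illustration of the recommendation above (this is example code, not Ruby's own implementation or anything merged from this ticket), the wrapper below emits a one-time deprecation warning when Digest::SHA1 is used and shows the drop-in migration to Digest::SHA256. It hooks #initialize rather than .new because the class-level helpers Digest::Class.digest/.hexdigest allocate the object internally and call #initialize without going through .new, so a .new hook would miss the most common call pattern. The `fingerprint`/`legacy_fingerprint` helpers and the "abc" input are constructed for the example.

```ruby
require 'digest'
require 'digest/sha1'

# Example wrapper (not part of Ruby's digest library): warn once per process
# the first time a Digest::SHA1 object is created.
module Digest
  module SHA1Deprecation
    MESSAGE = "Digest::SHA1 is deprecated for security-sensitive use " \
              "(practical collision attacks exist); prefer Digest::SHA256"

    # Count of SHA-1 instantiations observed; only the first one prints.
    @uses = 0

    class << self
      attr_reader :uses

      def note_use
        @uses += 1
        # Kernel#warn is routed through Ruby's Warning module and is silenced
        # by -W0, so callers keep the usual controls over deprecation output.
        Kernel.warn("warning: #{MESSAGE}") if @uses == 1
        @uses
      end
    end

    # Prepended so it runs for both Digest::SHA1.new and the internal
    # alloc + initialize path used by Digest::SHA1.digest / .hexdigest.
    def initialize(*args)
      SHA1Deprecation.note_use
      super
    end
  end

  SHA1.prepend(SHA1Deprecation)
end

# Hypothetical legacy call site, kept only for comparison.
def legacy_fingerprint(data)
  Digest::SHA1.hexdigest(data)
end

# Migration target: same call shape, stronger primitive (SHA-256, FIPS 180-4).
def fingerprint(data)
  Digest::SHA256.hexdigest(data)
end

if $PROGRAM_NAME == __FILE__
  puts legacy_fingerprint("abc")  # prints the warning once to stderr, then the SHA-1 hex
  puts legacy_fingerprint("abc")  # no second warning
  puts fingerprint("abc")         # SHA-256, no warning
end
```

Warning once keeps log noise bounded on hot paths while still surfacing the problem; a stricter deployment could raise instead of warn behind a configuration flag, which is the usual second step after a deprecation period.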