For many web developers – particularly those interested in security of data – the SHA1 hashing algorithm is a very neat and seemingly secure method of storing one’s passwords, etc. Although i do not claim to know that much about cryptography, the subject has always interested me. When reading my news feeds this morning, i saw that a new version of the as3corelib was released.

I then proceeded to scan the new featues, one of which is an HMAC implementation. This got me curious, since HMAC – as far as i understand it – works on top of SHA-1 or MD5 for example, and doesn’t bother with collisions. This also got me curious as to the progress of the cracking of the SHA-1 algorithm. So i googled it, and found this: http://www.schneier.com/blog/archives/2005/02/sha1_broken.html. Very scary stuff indeed. Then i looked at the date: February 2005 :| ! Does anybody know the current state of the algorithm? Should we all start moving onto HMAC and SHA-256?