SHA stands for Secure Hash Algorithm. SHA has been published by the National Institute of Standards and Technology (NIST) as a part of the Federal Information Processing Standard (FIPS) FIPS PUB 180-1.

SHA is a cryptographic hash function similar to MD5 and it generates a 160 bit message digest or in other words a hash value from a variable length input.

SHA-1 is the successor of SHA-0. SHA-0 was withdrawn due to severe weaknesses and SHA-1 was introduced which corrected that error. SHA-1 works on 512 bit blocks of data at a time and on 32 bit words.

The output is a 160 bit hash value created as a result of 80 rounds of processing. The internal operations that are carried out in the SHA-1 algorithm are +, and, or, xor, not.

Up until 2005 SHA-1 was considered to be quite secure, but that changed in 2005, when a mathematical weakness was found in SHA-1. This led the NIST to work on a better and stronger hashing algorithm and hence SHA-2 came into existence.

SHA-1 has been implemented in most of all the security applications and under the secure protocols namely the TLS, SSL, PGP, IPSec & S/MIME. The main impetus behind the success of SHA-1 was the Digital Signature Standard (DSS) which is one of the most used standards around the world for digital certificates and digital signatures.

The SHA algorithm is based on the SHACAL block ciphers.

Often MD5 and SHA-1 are used in conjunction with each other and often used as substitutes. Either the MD5 hashing algorithm or the SHA-1 algorithm is used while performing the cryptographic functions.

SHA-1 has been announced as been weak due to the presence of a collision attack and hence the US government has started advising on the fact that SHA-2 should be used rather than SHA-1 in the applications that are utilized by the government.