Several years ago, SHA-1 was already in the news because a hash collision had been demonstrated. That means the SHA-1 calculation can produce the same checksum (or hash) for different objects (e.g. a PDF document) despite their different content.
That put SHA-1 in the graveyard of obsolete technology, and the SHA-2 family took over. https://arstechnica.com/information-technology/2017/02/at-deaths-door-for-years-widely-used-sha1-function-is-now-dead/
This article came out in February 2017, roughly 3 years ago!
“We have computed the very first chosen-prefix collision for SHA-1. In a nutshell, this means a complete and practical break of the SHA-1 hash function, with dangerous practical implications if you are still using this hash function. To put it in another way: all attacks that are practical on MD5 are now also practical on SHA-1. Check our paper here for more details.” https://sha-mbles.github.io/
Of course, that doesn’t mean implementations are getting replaced and updated immediately. Nevertheless, the reality check is kind of frustrating:
Any usage where collision resistance is expected from SHA-1 is of course at high risk. Directly affected by chosen-prefix collisions are:
Please note that classical collisions and chosen-prefix collisions do not threaten all usages of SHA-1. In particular, HMAC-SHA-1 seems relatively safe, and preimage resistance (aka ability to invert the hash function) of SHA-1 remains unbroken as of today. Yet, cryptographers recommend to deprecate SHA-1 everywhere, even when there is no direct evidence that these weaknesses can be exploited.
Remove any use of SHA-1 in your product as soon as possible and use instead SHA-256 or SHA-3.
That can also be done quite simply, and even more comprehensively, by using CodeNotary.io functionality. CodeNotary digital identities use SHA-256 and are stored tamperproof with additional attributes.
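As a starting point for removing SHA-1 from a product, the following added example (not from the original article or from CodeNotary) scans source and configuration text for SHA-1 references and separates HMAC-SHA-1 uses from plain digest uses, which are the ones that may rely on collision resistance. The function names, the file-suffix list and the sample lines are assumptions made for illustration, and the HMAC split is a per-line heuristic.

```python
import re
from pathlib import Path

# Matches sha1, SHA-1, sha_1 (hashlib.sha1, "SHA-1", sha1WithRSAEncryption,
# HmacSHA1) but not longer numbers such as sha128, and not sha256/sha3_256.
SHA1 = re.compile(r"sha[-_]?1(?!\d)", re.IGNORECASE)
HMAC = re.compile(r"hmac", re.IGNORECASE)

def scan_text(text, origin="<memory>"):
    """Return (origin, line_no, category, line) for every line mentioning SHA-1."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        if not SHA1.search(line):
            continue
        # Keyed use (HMAC-SHA-1) is not hit by collision attacks in the same
        # way as plain digests, so triage plain digest uses first.
        category = "hmac-sha1" if HMAC.search(line) else "sha1-digest"
        findings.append((origin, no, category, line.strip()))
    return findings

def scan_tree(root, suffixes=(".py", ".java", ".js", ".go", ".sh", ".cnf", ".conf")):
    """Scan every file under root whose suffix is in suffixes (assumed list)."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix in suffixes:
            findings += scan_text(path.read_text(errors="replace"), str(path))
    return findings

# Constructed sample: lines of the kind found in code bases and build scripts.
SAMPLE = '''\
digest = hashlib.sha1(data).hexdigest()
MessageDigest md = MessageDigest.getInstance("SHA-1");
Mac mac = Mac.getInstance("HmacSHA1");
tag = hmac.new(key, msg, hashlib.sha1).digest()
const h = crypto.createHash('sha256');
openssl dgst -sha1 release.tar.gz
checksum = hashlib.sha3_256(data).hexdigest()
'''

if __name__ == "__main__":
    for origin, no, category, line in scan_text(SAMPLE, "sample"):
        print(f"{origin}:{no}: [{category}] {line}")
```

Every `sha1-digest` finding needs a look at whether the digest backs a signature, a certificate or an integrity check; those are the places to move to SHA-256 or SHA-3 first.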