What is a common reason for deprecating SHA-1?

Collision vulnerabilities explain why SHA-1 is deprecated. A secure hash should make it extremely hard to find two different inputs that produce the same hash value. When collisions exist, an attacker can create a different document that yields the same digest, which can be exploited to forge signatures or substitute messages in security protocols. In the real world, practical collision attacks against SHA-1 have been demonstrated, showing that certificates, digital signatures, and other integrity checks relying on SHA-1 are no longer trustworthy. That risk is why modern systems stop using SHA-1 and move to stronger hashes like SHA-256 or SHA-3. The other options don’t address this fundamental weakness—memory usage, digest length, or patent status aren’t the reasons SHA-1 is phased out.