Time’s Up for SHA-1. CSS’ Suggested Migration Path
SHA-1 is a widely adopted hash algorithm that can no longer be considered trustworthy. Current PKI design analysts must weigh the benefits of implementing SHA-2 versus the compatibility problems associated with its adoption. This design decision is driven by the recent understanding that SHA-1 hashes are cryptographically weak and that malicious manipulation of the resulting hash values is much easier than originally anticipated. This is a serious problem if an authentic digital signature on a contract for $100 cannot be distinguished from a fraudulent digital signature on a contract worth $100,000.
SHA-2 is an update of the older SHA-1 hashing algorithm, providing a more secure and ultimately a more trustworthy PKI. But are the benefits of SHA-2 worth the expense involved in its implementation? This blog post explores SHA-2 in order to provide context, background, and possible migration paths.


