Logo

PKI Consortium blog

Posts by author Clayton Smith

    Why We Need to Move to SHA-2
    January 30, 2014 by Bruce Morton (Entrust), Clayton Smith (Entrust) Attack SHA2 SSL/TLS

    Previously, we advised that the SSL industry must move to the SHA-2 hashing algorithm for certificate signatures. We thought it would be helpful to provide the reasoning behind the position.

    In the context of SSL, the purpose of a hashing algorithm is to reduce a message (e.g., a certificate) to a reasonable size for use with a digital signature algorithm. The hash value, or message digest, is then signed to allow an end-user to validate the certificate and ensure it was issued by a trusted certification authority (CA). In the past, we used MD5 for hashing; we are now primarily using SHA-1 while beginning the transition to SHA-2, and have SHA-3 available for the future.

    Participate in our community discussions and/or join the consortium