SHA-1 is becoming at risk
SHA-1 is a hashing algorithm that has been adopted on a global scale. There are, however, mathematical shortcomings of this cryptographic hash algorithm that are solved by SHA-2.
The new hash function called SHA-2 removes this risk by producing hash values that are 224, 256, 384 or 512 bits
There are no announced attacks on SHA-1 right now in the crypto community, but it is just a matter of time before they appear.
Starting 2016, things will change from Microsoft regarding supporting SHA-1.
This has implications for Code Signing Certificates, Web Server certificates, CA hierarchies and PKI installations, including all manner of end-entity certificate applications and certificate dependencies.
Certificate Authority Server and PKI infrastructures are especially at risk if servers are still using SHA-1
To comply with the new guidelines, the root CA will have to switch to use SHA-2 by 1/1/2016 when signing new certificates and CRLs, Policy and issuing CAs will have to follow suit.
We are the ideal people to help you move to the new algorithm. SHA-1 is embedded in so many different platforms; it can be a challenge to determine exactly what the impact of migrating to SHA-2 can be.
We are very aware of the implications of getting this migration wrong and that’s why we are ideally placed to help with this important upgrade
Contact us for a full audit and remediation service
Tel: +44 (0) 7960 515215
Tel: +44 (0) 207 863 1738