SHA-1 Deprecation

SHA-1 is increasingly at risk

SHA-1 is a hashing algorithm that has been adopted on a global scale. There are, however, mathematical shortcomings of this cryptographic hash algorithm that are solved by SHA-2.

The new hash function called SHA-2 removes this risk by producing hash values that are 224, 256, 384 or 512 bits long.

There are no announced attacks on SHA-1 right now in the crypto community, but it is just a matter of time before they appear.

Starting in 2016, Microsoft's support for SHA-1 will change.

This has implications for Code Signing Certificates, Web Server certificates, CA hierarchies and PKI installations, including all manner of end-entity certificate applications and certificate dependencies.

Certificate Authority servers and PKI infrastructures are especially at risk if servers are still using SHA-1.

To comply with the new guidelines, the root CA will have to switch to SHA-2 by 1/1/2016 when signing new certificates and CRLs. Policy and issuing CAs will have to follow suit.

We are the ideal people to help you move to the new algorithm. SHA-1 is embedded in so many different platforms that it can be a challenge to determine exactly what the impact of migrating to SHA-2 will be.

We are very aware of the implications of getting this migration wrong, and that's why we are ideally placed to help with this important upgrade.

Contact us for a full audit and remediation service.

Tel: +44 (0) 7960 515215
Tel: +44 (0) 207 863 1738