Entrust at RSA: ‘Pass the Hash’
This entry is part 4 of 12 in the series Entrust at RSA 2014 Jason Soroko, Entrust’s head of malware research, is causing quite the RSA buzz with his latest video presentation: “Pass the Hash.” Outlined in a blog post a few weeks ago, Soroko explains about a lesser-known attack vector that exploits single sign-on [Read More...]
Why We Need to Move to SHA-2
Previously, we advised that the SSL industry must move to the SHA-2 hashing algorithm for certificate signatures. We thought it would be helpful to provide the reasoning behind the position. In the context of SSL, the purpose of a hashing algorithm is to reduce a message (e.g., a certificate) to a reasonable size for use [Read More...]
Should You Use SHA-2?
A common question we receive from certificate customers: should we ask Entrust to sign our certificate with a signature using the SHA-2 hashing algorithm?