Tag Archives: SHA-2

Do You Need SHA-2 Signed Root Certificates?

April 4, 2014 by Bruce Morton     No Comments

We have discussed the SHA-1 deprecation policy and why you should move to SHA-2. The certification authorities (CAs) have provided methods to have your certificates issued and signed using a SHA-2 hashing algorithm. As we move ahead, you will see the CAs changing the default signing algorithm from SHA-1 to SHA-2. It’d be sound strategy [Read More...]

Filed Under: SSL, SSL Deployment Tagged With: root certificates, SHA-1, SHA-2

Always-On SSL

February 6, 2014 by Bruce Morton     2 Comments

Always-On SSL is an approach to securing your website to mitigate attacks against your users. When I think of Always-On SSL, I think of three concepts: SSL across your entire site, SSL deployed to the best practices, and SSL with leading technology. SSL across Your Entire Site The approach to Always-On SSL is to avoid [Read More...]

Filed Under: EV SSL, SSL, SSL Deployment Tagged With: EV SSL, HSTS, OCSP stapling

Why We Need to Move to SHA-2

January 6, 2014 by Bruce Morton     1 Comment

Previously, we advised that the SSL industry must move to the SHA-2 hashing algorithm for certificate signatures. We thought it would be helpful to provide the reasoning behind the position. In the context of SSL, the purpose of a hashing algorithm is to reduce a message (e.g., a certificate) to a reasonable size for use [Read More...]

SHA-1 Deprecation, on to SHA-2

December 9, 2013 by Bruce Morton     1 Comment

We have previously reviewed implementation of SHA-2, but with Bruce Schneier stating the need to migrate away from SHA-1 and the SHA-1 deprecation policy from Microsoft, the industry must start to make some progress in 2014. Web server administrators will have to make plans to move from SSL and code signing certificates signed with the [Read More...]

Filed Under: SSL, SSL Deployment Tagged With: Code Signing, Microsoft, SHA-1

Should You Use SHA-2?

December 11, 2012 by Bruce Morton     1 Comment

A common question we receive from certificate customers: should we ask Entrust to sign our certificate with a signature using the SHA-2 hashing algorithm?

SHA-3

October 9, 2012 by Bruce Morton     No Comments

On October 2, 2012, the National Institute of Standards and Technology (NIST) announced that the winner of the new SHA-3 hash function competition was Keccak. The plan is SHA-3 will eventually replace SHA-1 and the SHA-2 hash families. To support digital certificates, the hashing function is used by the certification authority (CA) to put its [Read More...]

Filed Under: Secure Browsing, SSL, Technical Tagged With: Keccak, MD5, MD5MD5