Entrust SSL Certificates, Powered by SHA-2 Security

Developed by the National Institute of Standards and Technology (NIST), SHA-2 represents the most current set of cryptographic hash functions. At a micro level, SHA-2 is based on a set of four hash functions — 224, 256, 384 or 512 bits — which strengthens the original SHA-1 hash function released in 1995 by the NIST.

To provide maximum compatibility, Entrust Certificate Services customers have the choice to sign any Entrust digital certificate with SHA-1 or SHA-2, though SHA-2 is now the recommended hash function, as SHA-1 is in the process of being rapidly deprecated by all major browsers.

In fact, the SHA-2 standard may be used with all of Entrust’s digital certificates, including Code Signing.

Though most organizations won’t experience any compatibility difficulties, some older systems — such as those running Microsoft Windows XP SP2 (or older) or outdated Web browsers — are unable to support SHA-2. In these situations, administrators are advised to upgrade these systems to configurations that support SHA-2 if they rely on the users’ browsers providing public trust.

What is SHA?

SHA, or Secure Hash Algorithm, is one of the foundational algorithms used in public key cryptography. First published in 1993, the SHA algorithms are organized in a series that continues to evolve, though each version is not necessarily built upon its predecessor. To date, the hash algorithms were released as SHA-0 (1993), SHA-1 (1995) and SHA-2 (2001). The next version, SHA-3, is under development and yet to be released.

What’s Next for SHA?

While organizations are currently standardizing on SHA-2, cryptographers have been building the foundation of SHA-3 since 2008. Though a SHA-3 release date has not been announced, the NIST continues to sponsor events to discuss and develop SHA-3.
