Do You Need SHA-2 Signed Root Certificates?
We have discussed the SHA-1 deprecation policy and why you should move to SHA-2. The certification authorities (CAs) have provided methods to have your certificates issued and signed using a SHA-2 hashing algorithm. As we move ahead, you will see the CAs changing the default signing algorithm from SHA-1 to SHA-2. It’d be sound strategy [Read More...]
Why We Need to Move to SHA-2
Previously, we advised that the SSL industry must move to the SHA-2 hashing algorithm for certificate signatures. We thought it would be helpful to provide the reasoning behind the position. In the context of SSL, the purpose of a hashing algorithm is to reduce a message (e.g., a certificate) to a reasonable size for use [Read More...]
SHA-1 Deprecation, on to SHA-2
We have previously reviewed implementation of SHA-2, but with Bruce Schneier stating the need to migrate away from SHA-1 and the SHA-1 deprecation policy from Microsoft, the industry must start to make some progress in 2014. Web server administrators will have to make plans to move from SSL and code signing certificates signed with the [Read More...]
Public Key Pinning Extension for HTTP
In 2011, Google added public key pinning to Chrome. They white-listed the certification authority public keys that could be used to secure Google domains.
Should You Use SHA-2?
A common question we receive from certificate customers: should we ask Entrust to sign our certificate with a signature using the SHA-2 hashing algorithm?
On October 2, 2012, the National Institute of Standards and Technology (NIST) announced that the winner of the new SHA-3 hash function competition was Keccak. The plan is SHA-3 will eventually replace SHA-1 and the SHA-2 hash families. To support digital certificates, the hashing function is used by the certification authority (CA) to put its [Read More...]