PKI Blog

SHA-1 is “Shattered”

Posted by Wayne Harris on Mar 22, 2017 11:41:01 AM

SHA-1 has been in the news (again). We’ve all known that the SHA-1 hash function is cryptographically weak. In fact, CSS has been pointing out the weaknesses of SHA-1 for years now.


Read More

Topics: SHA-1, SHA-2

SHA-2 Migration Timelines are Looming

Posted by CSS Technical Team on Oct 18, 2016 8:50:41 AM

Are You Ready for the Move
to SHA-2?

Is your business ready for SHA-1 deprecation? The timelines for the move to SHA-2 are looming, and deprecation is fast-approaching. Explained by InfoWorld, SHA-1 was once considered secure, but has been proven to contain cryptographic flaws. Security experts and cryptographers believe that the SHA-1 hash is no longer secure—and its shelf life is dwindling quickly.

Read More

Topics: PKI, SHA-2, SHA-2 Migration

SHA-1 Signed Certificates No Longer Trusted?

Posted by Ted Shorter on Dec 10, 2013 4:47:24 AM

By now, you may have already heard that Microsoft will start deprecating trust in certificates with SHA-1 signatures in 2016. In our view, this is a prudent move by Microsoft. We've long known that SHA-1 was weakening, and showing signs that a practical attack similar to the 2008 demonstration against MD5 could appear in the next few years.

Read More

Topics: expired digital certificate, Public Key Infrastructure, Certificate Management System (CMS), Industry Trends, RSA Keys, PKIaaS, Azure PKI, PKI, Secure Hash Algorithm, PKI as a Service (PKIaaS), PKI as a Service, SHA1, SHA2, MD5 hash, Blog, SHA-1, SHA-2

SHA-3 Announcement

Posted by Wayne Harris on Oct 4, 2012 8:16:30 AM

As many know, the cryptographic hash function known as Secure Hash Algorithm 1 (SHA-1) has been deemed weak by NIST, and is no longer recommended. The NSA addressed the weaknesses in SHA-1 by publishing the SHA-2 hash function standard back in 2001. SHA-2 builds on SHA-1 by using similar algorithms with larger block and state sizes.

Read More

Topics: Keccak, Public Key Infrastructure, Industry Trends, NIST, Microsoft Public Key Infrastructure, PKI, Secure Hash Algorithm, Blog, SHA-1, SHA-2, SHA-3, NSA

Time's Up for SHA-1, CSS' Suggested Migration Path

Posted by Wayne Harris on Apr 18, 2011 5:00:16 AM

SHA-1 is a widely adopted hash algorithm that can no longer be considered trustworthy. Current PKI design analysts must weigh the benefits of implementing SHA-2 verses the compatibility problems associated with its adoption. This design decision is driven by the recent understanding that SHA-1 hashes are cryptographically weak and the opportunity for malicious manipulation of resulting hash values are much easier than originally anticipated. This is a serious problem if an authentic digital signature on contract for $100, cannot be distinguished from a fraudulent digital signature on a contract worth $100,000.

Read More

Topics: Microsoft Security Partner, digital pki, Public Key Infrastructure, Microsoft Public Key Infrastructure, Secure Hash Algorithm, Microsoft PKI, Blog, SHA-1, SHA-2, SHA-3, Got PKI?

Posts by Topic

see all

Subscribe to Email Updates

Want to Learn more about CSS?