Relevant Items
Filter Blogs expand_more
Blog add
Authors add
Solutions add
Products add
Product Categories add
18 Results for 'SHA-1'
Blog

SHA-1 Certificates: Talking to Your Leadership about the Business Risk

By Sandra Carielli

December 11, 2017

How do you explain to your business the risk of continuing to use SHA-1 certificates?
Blog

Why SHA-1 Migration is Hard, And How to Address the Challenge

By Sandra Carielli

November 15, 2017

Why have so many organizations delayed their SHA-1 migration?  
Blog

Bye Bye SHA-1

By Bruce Morton

April 06, 2017

Entrust Datacard Stops Issuing SHA-1 Certificates
Blog

SHAttered - First SHA-1 Collision

By Bruce Morton

March 06, 2017

Google and CWI announced SHAttered, an attack on the SHA-1 cryptographic hash function. The attack was demonstrated by allowing the cryptographic signature on a good PDF to be the same as on a bad PDF. In other words, they forged the signature.
Blog

SHA-1 in 2017

By Bruce Morton

December 05, 2016

 If you have yet to migrate to SHA-2, check out Entrust Datacard’s SHA-2 Migration Guide. It will help you plan and execute a successful SHA-2 migration to avoid extra costs, eliminate service disruptions and ensure compliance.
Blog

Building Your Digital DNA: PKI and Cryptographic Disruptors

By Sandra Carielli

October 20, 2016

Researchers have demonstrated several vulnerabilities in MD5. The IETF has prohibited RC4 for use in TLS. More recently, you may have dealt with the impact of SHA-1 being removed as an acceptable algorithm in many standards, including PCI and CAB Forum, according to Entrust Datacard. 
Blog

Changes to Support SHA-1 Migration

By Bruce Morton

March 14, 2016

Entrust provides security beyond the TLS certificate. We are a strong supporter of the CA/Browser Forum standards and also support the requirements provided by our root embedding partners such as Microsoft and Mozilla. 
Blog

What's the Future for SHA-1 and Browser Users as of January 1, 2016?

By Bruce Morton

December 22, 2015

On January 1, 2016, the public trust certification authorities (CAs) will stop issuing SHA-1 signed SSL/TLS certificates. The bottom line is SHA-1 is vulnerable. New studies have shown that the safety factor is decreasing. Continuing to issue SHA-1 signed certificates could compromise a CA or could compromise a legitimate website. Unfortunately for old browser and operating users, the servers must continue to move to SHA-2 signed certificates. These users should try to move to supported systems.
Blog

Keep Moving to SHA-2 — Leading Browsers Fast Track SHA-1 Deprecation

By Bruce Morton

December 02, 2015

Research indicates that SHA-1 signed SSL/TLS certificates face increasing vulnerabilities forcing leading browsers to reconsider how long they will support this technology. This blog outlines dates around the phasing out of SHA-1.
Blog

SHA-1 Freestart Collisions

By Bruce Morton

October 19, 2015

The Freestart collision for full SHA-1 paper was released by Marc Stevens, Pierre Karpman and Thomas Peyrin. This is not a collision attack on the SHA-1 function itself, but on the compression function that underlies it. The research paper states "Freestart collisions, like the one presented here, do not directly imply a collision for SHA-1. However, this work is an important milestone towards an actual SHA-1 collision and it further shows how graphics cards can be used very efficiently for these kind of attacks."
Page 1 of 2