Filter Blogs expand_more
Blog add
Authors add
Solutions add
Products add
Product Categories add
19 Results for 'SHA-1'
Blog

Bye Bye SHA-1

By Bruce Morton
April 06, 2017
Entrust Datacard Stops Issuing SHA-1 Certificates
Blog

Why SHA-1 Migration is Hard, And How to Address the Challenge

By Sandra Carielli
November 15, 2017
Why have so many organizations delayed their SHA-1 migration?  
Blog

SHA-1 Freestart Collisions

By Bruce Morton
October 19, 2015
The Freestart collision for full SHA-1 paper was released by Marc Stevens, Pierre Karpman and Thomas Peyrin. This is not a collision attack on the SHA-1 function itself, but on the compression function that underlies it. The research paper states "Freestart collisions, like the one presented here, do not directly imply a collision for SHA-1. However, this work is an important milestone towards an actual SHA-1 collision and it further shows how graphics cards can be used very efficiently for these kind of attacks."
Blog

SHA-1 Deprecation, On to SHA-2

By Bruce Morton
December 09, 2013
We have previously reviewed implementation of SHA-2, but with Bruce Schneier stating the need to migrate away from SHA-1 and the SHA-1 deprecation policy from Microsoft, the industry must start to make some progress in 2014.
Blog

SHA-1 Certificates: Talking to Your Leadership about the Business Risk

By Sandra Carielli
December 11, 2017
How do you explain to your business the risk of continuing to use SHA-1 certificates?
Blog

Google is Sun-Setting SHA-1 in Upcoming Chrome Releases

By Bruce Morton
September 10, 2014
Entrust Datacard shares announcement from Google on September 5, 2014, that Chrome will sunset SHA-1 by providing security warnings through the popular browser. SHA-1 is a secure hash algorithm used when signing SSL certificates. SHA-1 provides a unique 160-bit hash value representing the certificate. The hash value is designed so it cannot be the same for two different certificates.
Blog

Update – Chrome 41 Release and SHA-1

By Bruce Morton
January 27, 2015
When Google Chrome 41 is released, it will treat certificate chains using SHA-1 which are valid past January 1, 2017 as affirmatively insecure.
Blog

Keep Moving to SHA-2 — Leading Browsers Fast Track SHA-1 Deprecation

By Bruce Morton
December 02, 2015
Research indicates that SHA-1 signed SSL/TLS certificates face increasing vulnerabilities forcing leading browsers to reconsider how long they will support this technology. This blog outlines dates around the phasing out of SHA-1.
Blog

What's the Future for SHA-1 and Browser Users as of January 1, 2016?

By Bruce Morton
December 22, 2015
On January 1, 2016, the public trust certification authorities (CAs) will stop issuing SHA-1 signed SSL/TLS certificates. The bottom line is SHA-1 is vulnerable. New studies have shown that the safety factor is decreasing. Continuing to issue SHA-1 signed certificates could compromise a CA or could compromise a legitimate website. Unfortunately for old browser and operating users, the servers must continue to move to SHA-2 signed certificates. These users should try to move to supported systems.
Blog

SHAttered - First SHA-1 Collision

By Bruce Morton
March 06, 2017
Google and CWI announced SHAttered, an attack on the SHA-1 cryptographic hash function. The attack was demonstrated by allowing the cryptographic signature on a good PDF to be the same as on a bad PDF. In other words, they forged the signature.
Page 1 of 2