Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

All you need to know about the move from SHA-1 to SHA-2

Roger A. Grimes | July 7, 2017
The PKI industry recommends that every SHA-1 enabled PKI move to the vastly more secure SHA-2.

Most generally accepted cryptographic hash standards are considered strong at their inception, but over time cryptographic attackers develop clever ways of using math to weaken the protective strength of the bit length of the chosen hash. All hashes have a stated bit-length, which is the number of 1s and 0s (binary digitals) that are represented in the hash output.

A strong cryptographic hash is considered to be as strong as its stated effective bit length minus 1 bit. Thus, a strong 128-bit hash is considered to have 127-bits (2^127) of effective protection when no flaws are known. Anytime someone can submit provable math that the hash can be broken in less than its effective bit length minus one, the hash is considered weakened. Generally, or at least so far, all generally accepted hashes have become weaker over time, as cryptographic attacks improve the ability to shorten the hash’s effective bit length. As the effective bit length is shortened, the hash becomes less protective and less valuable. At the point when it is believed that someone can “crack” a hash within a reasonable period of time and resources (often still measured in the hundreds of thousands to millions of dollars), the hash is considered “broken” and no longer should be used. Broken hashes have been used by malware and attackers to pose as legitimate digitally-signed software. A good example of this is the Flame malware program. In short, weak hashes matter and should not be used.


Intro to SHA

SHA-1 was designed by the United States National Security Agency (NSA) and published as a federal standard in 1995 by the United States National Institute for Standards and Technology (NIST). Cryptographic standards released by NIST are often trusted by much of the world and are often required on all computers doing critical business with the United States government or military. SHA-1 replaced previously weakened cryptographic hashes, such as MD-5.

Over time, several continued cryptographic attacks against SHA-1 started to shorten its effective key length. Because of the continued success against SHA-1, the NSA and NIST identified its related successor, SHA-2, as the new recommended hashing standard in 2002. This was well before SHA-1 was considered broken. In February 2017, a successful collision attack was revealed that essentially made SHA-1 no longer useful for cryptographic signing protection.

A great discussion of the SHA-1 break and example documents can be found at:


SHA-2 family

SHA-2 is the cryptographic hashing standard that all software and hardware should be using now, at least for the next few years. SHA-2 is often called the SHA-2 family of hashes because it contains many different-size hashes, including 224-, 256-, 384-, and 512-bit digests. When someone says they are using the SHA-2 hash, you don’t know which bit length they are using, but the most popular one is 256 bits (by a large margin). Although SHA-2 shares some of the same math characteristics as SHA-1 and minor weaknesses have been discovered, in crypto-speak it's still considered "strong” for the foreseeable future. Without question, it's way better than SHA-1, and any critical SHA-1 enabled certificates, applications, and hardware devices using SHA-1 should be moved to SHA-2.


Previous Page  1  2  3  4  5  Next Page 

Sign up for CIO Asia eNewsletters.