Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

All you need to know about the move from SHA-1 to SHA-2

Roger A. Grimes | July 7, 2017
The PKI industry recommends that every SHA-1 enabled PKI move to the vastly more secure SHA-2.

lock

For the past two years, I’ve been busy helping Public Key Infrastructure (PKI) customers prepare for and move to SHA-2, the set of cryptographic hash functions that have succeeded SHA-1. Last year, moving to SHA-2 ahead of the global deadline was a nice-to-do preparatory step. This year, now that the migration deadline has passed, it’s required.

Many digital-certificate-consuming devices and applications already display warnings/errors or operationally fail if a digital certificate containing the SHA-1 (or earlier) hash is presented, and pretty soon all of them will. Why the forced change? Because the SHA-1 hash has been shown to suffer such severe cryptographic weaknesses that its days of useful protection are over.

Up until 2017, SHA-1 was the most common hash used for cryptographic signing, and some, usually older, applications and devices don’t yet accept or understand SHA-2-related hashes or certificates. There's the rub.

 

What’s a hash?

A good cryptographic hash function is a mathematical algorithm, which when run against any content (e.g. document, sound, video, picture, etc.) will always return a unique output result (often called a hash or hash result) for unique input content. No two differing inputs should ever return the same hash output and identical inputs should always result in the same output. Using these cryptographic properties, a hash output can be used on two differently submitted inputs to see if they are identical or not. Cryptographic hashes are the backbone of almost every digital authentication and integrity process.

PKI certification authority (CA) services use cryptographic hashes to confirm identities and digital certificate requests and to allow the confirmation of (i.e., sign) digital certificates and certificate revocation lists (CRLs) that they issue by other relying parties (e.g., computers, software, users, etc.). If the cryptographic hash used by PKI services is not trusted as being strong (i.e., “unbreakable"), then relying parties cannot rely on the validity of the digital certificates and other content signed by the CA. It is the strength of the cryptographic hash that creates trust in the whole PKI system.

Note: “Checksums” are hash-like verifiers, but without any cryptographic proof behind them to prove they provide reasonably unique outputs for unique inputs. In general, cryptographic hashes are considered more secure than checksums, although checksums are often used for non-critical integrity and authentication checks.

 

Hash attacks

The strength of a cryptographic hash resides in its inherent ability to ensure that all submitted unique content always results in same unique output. At the same time, anyone obtaining only the hash result output of content should not be able to create the original content submitted to create the hash result simply from the hash result alone. If someone can do so it’s called a “preimage” attack. And no two different inputs should ever make the same, identical hash output. If they do, it’s considered a “collision”.

 

1  2  3  4  5  Next Page 

Sign up for MIS Asia eNewsletters.