
Announcements 10-08-2015

Researchers Urge Administrators to Replace SHA-1 Certificates with SHA-2

Flavio Martins

This morning an international team of cryptanalysts urged administrators to replace their SHA-1 certificates, as the risks associated with SHA-1 are greater than previously expected.

The published findings are theoretical and have not yet been demonstrated in a practical setting. While there does not appear to be an immediate danger, we strongly encourage administrators to migrate to SHA-2 as soon as feasible.

The research group points out:

Collisions on SHA-1 can result in signature forgeries, but do not directly undermine the security of the Internet at large...Given the lessons learned with the MD5 full break, it is not advisable to wait until these become practically possible.

Huaxiong Wang, head of NTU's Division of Mathematical Sciences, says, "[Administrators] are also advised to migrate to SHA-2 soon, to avoid warnings for visitors when Internet browsers stop trusting SHA-1."

Thomas Peyrin, head of SYLLAB at NTU, points out, "SHA-1's successors, SHA-2 and SHA-3, are unaffected by these recent cryptanalytic advances and remain secure." The researchers have set up a site detailing their findings.

Administrators should consider the impact this update could have on their organization and plan for:

  • Hardware compatible with SHA-2
  • Server software updates supporting SHA-2
  • Client software support for SHA-2
  • Custom application code support for SHA-2

As part of our ongoing efforts to ensure the security of our customers, we have been proactively notifying customers of outstanding SHA-1 certificates and urging them to update to SHA-256.

Browsers and CAs have previously encouraged migration to SHA-2 by 2017; however, this research encourages organizations to accelerate their plans to upgrade existing infrastructure to support SHA-2.

To identify existing SHA-1 certificates, DigiCert has a number of tools available:

DigiCert customers can update their SHA-1 certificates at no cost.

  • Log in to your DigiCert account and check whether you still have SHA-1 certificates in use.
  • Re-issue your certificate and automatically receive a new SHA-2 certificate.
  • Install the new SHA-2 certificate on your server.
  • Use the DigiCert Certificate Utility to confirm your SHA-256 certificate is installed.

If you are not a DigiCert customer, please take advantage of Certificate Inspector and the SHA-1 Sunset Tool to identify current SHA-1 certificates and switch to SHA-2.
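For administrators who want to script the identification step themselves (for example across a fleet of hosts where the GUI tools do not reach), here is an added example that is not DigiCert's code: a minimal DER walker that reads the outer signatureAlgorithm field of an X.509 certificate and flags SHA-1. The OID table and the two sample "certificates" are constructed for this example only; real input would be the PEM or DER file deployed on the server.

```python
import base64
import re
SIGNATURE_OIDS = {  # standard dotted OIDs of common signature algorithms; the table is ours
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
    "1.2.840.10045.4.1": "ecdsa-with-SHA1",
    "1.2.840.10045.4.3.2": "ecdsa-with-SHA256",
}

def _read_tlv(buf, pos):
    """Return (tag, content, next_pos) for the DER element at pos; definite lengths only."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long form: low 7 bits = number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def _decode_oid(raw):                        # OBJECT IDENTIFIER contents (base-128 arcs) -> dotted
    arcs, value = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:                     # a clear high bit ends the current arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def signature_algorithm(data):
    """Name (or dotted OID) of a certificate's outer signatureAlgorithm; takes DER bytes or PEM text."""
    if isinstance(data, str):                # PEM: base64-decode the first CERTIFICATE block
        data = base64.b64decode(re.search(r"BEGIN CERTIFICATE-----(.*?)-----END", data, re.S).group(1))
    tag, cert, _ = _read_tlv(data, 0)        # Certificate ::= SEQUENCE { tbs, sigAlg, sigValue }
    if tag != 0x30: raise ValueError("not a DER SEQUENCE")
    _, _tbs, pos = _read_tlv(cert, 0)        # skip tbsCertificate entirely
    _, alg_id, _ = _read_tlv(cert, pos)      # AlgorithmIdentifier ::= SEQUENCE { OID, params }
    _, oid, _ = _read_tlv(alg_id, 0)
    dotted = _decode_oid(oid)
    return SIGNATURE_OIDS.get(dotted, dotted)

def uses_sha1(data):                         # True when the certificate should be reissued
    return "sha1" in signature_algorithm(data).lower()
def _der(tag, content):                      # short-form DER encoder for the samples below
    return bytes([tag, len(content)]) + content

# Constructed stand-ins for real certificates (not real certificate data).
def _sample_cert(oid_content):               # trivial tbs, AlgorithmIdentifier under test, empty sig
    tbs = _der(0x30, _der(0x02, b"\x01"))
    alg = _der(0x30, _der(0x06, oid_content) + _der(0x05, b""))
    return _der(0x30, tbs + alg + _der(0x03, b"\x00"))
SHA1_RSA_SAMPLE = _sample_cert(b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05")
SHA256_RSA_SAMPLE = _sample_cert(b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b")
```

Run it over every certificate in the served chain, not only the leaf, because browsers evaluate the intermediates' signatures as well.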

In addition, to help transition certificates to SHA-2, we have created a number of resources: SHA-2 Migration Guide.
