Advanced Cryptography

Entrust SSL Certificates, Powered by SHA-2 Security

Developed by the National Institute of Standards and Technology (NIST), SHA-2 represents the most current set of cryptographic hash functions. At a micro level, SHA-2 is a set of four hash functions, producing digests of 224, 256, 384 or 512 bits, that strengthen the original SHA-1 hash function released by NIST in 1995.

To provide more compatibility, Entrust Certificate Services customers have the choice to sign any Entrust digital certificate with SHA-1 or SHA-2. And best of all, the option to use this advanced level of cryptography, based on the SHA-256 implementation, is offered to Entrust customers at no extra cost.

In fact, the SHA-2 standard may be used with any of Entrust's digital certificates, including Code Signing.

Though most organizations won't experience any compatibility difficulties, some older systems, such as those running Microsoft Windows XP SP2 (or older) or outdated Web browsers, are unable to support SHA-2. In these situations, administrators will need to either use SHA-1 certificates or upgrade these systems to configurations that support SHA-2.

What is SHA?
SHA, or Secure Hash Algorithm, is one of the foundation algorithms used in public key cryptography. First published in 1993, the SHA algorithms form a series that continues to evolve, though each version is not necessarily built upon its predecessor. To date, the hash algorithms have been released as SHA-0 (1993), SHA-1 (1995) and SHA-2 (2001). The next version, SHA-3, is under development and yet to be released.

What's Next for SHA?
While organizations are currently standardizing on SHA-2, cryptographers have been building the foundation of SHA-3 since 2008. Though a SHA-3 release date has not been announced, NIST is sponsoring an open competition to develop the next hash algorithm.

Only five SHA-3 hash entries advanced to the third and final round. A final candidate conference, scheduled for early 2012, will discuss community feedback and findings. The next SHA-3 cryptographic hash algorithm is expected to be announced in late 2012.
