Entrust Datacard

What is SHA-2

Entrust SSL Certificates, Powered by SHA-2 Security

Developed by the National Institute of Standards and Technology (NIST), SHA-2 represents the most current set of cryptographic hash functions. At a micro level, SHA-2 is a set of four hash functions, with digest sizes of 224, 256, 384 or 512 bits, that strengthen the original SHA-1 hash function released by NIST in 1995.

To provide maximum compatibility, Entrust Certificate Services customers can choose to sign any Entrust digital certificate with SHA-1 or SHA-2, though SHA-2 is now the recommended hash function because browsers are rapidly deprecating SHA-1.

In fact, the SHA-2 standard may be used with all of Entrust's digital certificates, including Code Signing.

Though most organizations won't experience any compatibility difficulties, some older systems, such as those running Microsoft Windows XP SP2 (or older) or outdated Web browsers, are unable to support SHA-2. In these situations, administrators are advised to upgrade these systems to configurations that support SHA-2 if they rely on the users' browsers providing public trust.

What is SHA?
SHA, or Secure Hash Algorithm, is one of the foundational algorithms used in public key cryptography. First published in 1993, the SHA family is organized as a series that continues to evolve, though each version is not necessarily built upon its predecessor. To date, the hash algorithms have been released as SHA-0 (1993), SHA-1 (1995) and SHA-2 (2001). The next version, SHA-3, is under development and has yet to be released.

What's Next for SHA?
While organizations are currently standardizing on SHA-2, cryptographers have been building the foundation of SHA-3 since 2008. Though a SHA-3 release date has not been announced, NIST is sponsoring an open competition to develop the next hash algorithm.

Only five SHA-3 hash entries advanced to the third and final round. A final candidate conference, scheduled for early 2012, will take place to discuss community feedback and findings. The next SHA-3 cryptographic hash algorithm is expected to be announced in late 2012.
