In this ever-changing industry, staying well informed on choosing safe cryptographic key sizes and hashing algorithms can be a challenge for many to say the least. Simply put, using weak key lengths, algorithms and protocols can put the security of your applications and data at risk.
The move from SHA-1 to SHA-256
One of the more recent industry movements is the transition from having SSL Certificates signed with the SHA-1 hashing algorithm to certificates signed with SHA-256, the most widely supported of the SHA-2 family of algorithms. The urgency of this transition is due to recent advances in cryptographic attacks on SHA-1, demonstrating that SHA-1 is becoming more susceptible to collision and pre-image attacks.
Important deadlines and dates to make note of as you migrate to SHA-256:
Preparing for the transition
GlobalSign is happy to announce that beginning today we now offer SHA-256 support for all of our SSL Certificate products, including the ability to upgrade your current SHA-1 certificate to SHA-256 using our free re-issue policy. This will enable customers to upgrade to SHA-256 SSL Certificates quickly and efficiently well before the Microsoft deadline.
Compatibility issues?
The good news is most commonly used browsers, servers, mail clients and mobile devices already support SHA-256 allowing you to immediately benefit from higher levels of security. We’ve put together a compatibility list for known SHA-256 support, as there are some older operating systems such as Windows XP SP2 and some mobile devices that do not currently support SHA-256.
If you are unsure if your applications support SHA-256 we recommend upgrading one of your existing SSL Certificates to SHA-256 for testing purposes. If you find your organization is running applications that do not support SHA-256, then we strongly recommend upgrading those applications as soon as possible and well before the planned Microsoft deadline of January 2017.
For further background details on SHA-256 and the upcoming deadlines please see our article on the transition to SHA-256.
