Public Key Infrastructure

Digital Key Management

Digital Certificates

TLS/SSL Certificates

Certificate Management

Certificate Authority

Certificate Scanning

Encryption Standards, Regulations, and Algorithms

Certificate Request

Chain of Trust

Certificate Provisioning

Certificate Renewal and Revocation

Buying a Certificate from CA

PKI for IoT

What is SHA, and what are SHA-1 and SHA-2?

SHA is the acronym for Secure Hash Algorithm, used for hashing data and certificate files. Every piece of data produces a unique hash that is thoroughly non-duplicable by any other piece of data. The resulting digital signature is unique too as it depends on the hash that’s generated out of the data. For the course of the actual communication, symmetric cryptography is used, where the same key that hashes or encrypts data is used to decrypt it.

Digital certificates follow the same hashing mechanism, wherein the certificate file is hashed, and the hashed file is digitally signed by the CA issuing the certificate. The most critical part of any electronic communication is authentication, that is, to make sure that the entity at the other end of the channel is genuinely the one that the session initiator wants to communicate with. That is why the TLS protocol enforces a more stringent authentication measure that uses asymmetric cryptography.

SHA is the cryptographic algorithm adopted by the PKI market for digital signatures. SHA-1 and SHA-2 are two versions of this algorithm. The difference between these two versions lies in the “length” or the “number of bits” that the hashed output (called message digest) contains for a given plaintext input. Logically, the more the number of bits the digest has, the more difficult it is to break it using brute force. The SHA-2 function produces a 256-bit digest (this is the commonly used function in the family of SHA-2; the functions range from 224 to 512-bit) while the SHA-1 function produces a 160-bit digest for the same input. SHA-1 offers weak security as it sometimes gives the same digest for two different data values, owing to its limited bit-length and therefore possible hash combinations, while SHA-2 produces a unique digest for every data value as a large number of combinations are possible in it (2^256 possible combinations for a 256-bit function). In 2016, the TLS/SSL industry enforced the move to SHA-2, and this algorithm has been in use until the present day.

Related Articles:   What is FIPS?