Open in app

Sign in

Write

Sign in

Migrating from SHA-1 to SHA-2

Shubhmeet Kaur
2 min readDec 31, 2019

What is SHA?

Thousands of bytes of information is shared every nano-second on the web. This massive information needs to be condensed so as to be transferred quickly and efficiently. To secure the private communication, SHA algorithms or also called Secure Hashing Algorithms are used to quickly authenticate and decrypt the private information. SHA is a group of cryptographic hash functions developed by the US National Security Agency (NSA).

One of the biggest use of SHA algorithms is in SSL certificates. A hash, an alphanumeric string is generated using SHA algorithm that serves as cryptographic representation of the certificate and is called a digest. This digest can be used as a digital signature for signing the certificate.

SHA-1 and SHA-2

SHA-1 and SHA-2 are two different versions of the SHA algorithm. They differ in construction and in the bit-length of the signature. SHA-2 is considered as successor of SHA-1. SHA-1 generates a hash of 160 bit length, whereas SHA-2 is actually a family of hashes and comes in variable bit lengths – 256, 384,512. The most popular is the one with 256 bit length and commonly referred as SHA-256. SHA hash should be unique and non-reversible.

Unique refers that no two different data can ever produce the same hash. Non-reversible means that if you had the hash, there shouldn’t be any way to find out the actual contents of data, ensuring that original data remains safe and unknown.

An example of the difference in size between SHA-1 vs SHA-256 can be seen in the following example hashes:

  • SHA-1 :dg39a3eege77dfgd3225bfef95601890afd80709
  • SHA-256 : e3b0c44298fc1c149afbf4c8996fb92427ae41e4649c46gde78as91b7852b844

Migrating from SHA-1 to SHA-2

US NSA recommends to use SHA-2 as a standard hashing algorithm for signing SSL certificates. Security researchers have been able to launch the real world collision attack against SHA-1 hash function, generating two different pdf files with the same SHA-1 digest. Thus, SHA-1 is prone to various attacks and use of SHA-1 is not advisable anymore in the field of security since December 2016 by US NSA. SHA-3 has also been created, successor of SHA-2. It supports same bit length as SHA-2 but varies in the internal structure of the hash.

References:

https://www.thesslstore.com/blog/difference-sha-1-sha-2-sha-256-hash-algorithms/

https://knowledge.digicert.com/generalinformation/INFO3495.html

Security
Sha

--

--

Shubhmeet Kaur

Written by Shubhmeet Kaur

12 Followers

Software Engineer | Graduated MSCS,Fall 2018 | Code Enthusiastic

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams