SHA-1 (Secure Hash Algorithm 1) is an algorithm used to verify data authenticity. In 2005, SHA-1 was found to be insecure. So you should stop using SHA-1 and switch to SHA-2. Is your website still using SHA-1?
You can check this from the command line of a Unix-like system.
openssl s_client -connect www.mysite.com:443 < /dev/null 2>/dev/null | openssl x509 -text -in /dev/stdin | grep "Signature Algorithm"
In the above command line, replace www.mysite.com with your own hostname. For SSL, the default port is 443.
Signature Algorithm: sha1WithRSAEncryption
If this is the result, your site is using SHA-1. You should consider using SHA-2 in place of SHA-1.
Signature Algorithm: sha256WithRSAEncryption
If this is the result, your site is using SHA-2.
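The same check wrapped in a small shell script, as an added example that is not part of the original post. The function names classify_sigalg and check_host and the sample certificate lines are constructed for illustration; the script also flags SHA-1 when it is paired with ECDSA or DSA instead of RSA.

```shell
#!/bin/sh
# Added example: classify the "Signature Algorithm" line of a certificate.
# classify_sigalg and check_host are hypothetical helper names.

# Reads `openssl x509 -text` output on stdin and prints a one-line verdict.
classify_sigalg() {
    # openssl prints the algorithm twice per certificate (inside the signed
    # data and again before the signature bytes); the first one is enough.
    alg=$(sed -n 's/^[[:space:]]*Signature Algorithm:[[:space:]]*//p' | head -n 1)
    lower=$(printf '%s' "$alg" | tr 'A-Z' 'a-z')
    case "$lower" in
        '')       echo "UNKNOWN (no Signature Algorithm line)" ;;
        *sha1*)   echo "WEAK $alg" ;;      # sha1WithRSAEncryption, ecdsa-with-SHA1, ...
        *sha224*|*sha256*|*sha384*|*sha512*)
                  echo "SHA-2 $alg" ;;     # sha256WithRSAEncryption, ecdsa-with-SHA384, ...
        *)        echo "REVIEW $alg" ;;    # anything else: read the certificate by hand
    esac
}

# Fetches the certificate a server presents and classifies it.
# Usage: check_host www.mysite.com [port]   (needs network access)
check_host() {
    openssl s_client -connect "$1:${2:-443}" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -text |
        classify_sigalg
}

# Constructed sample lines, so the script shows output without a network.
printf '    Signature Algorithm: sha1WithRSAEncryption\n' | classify_sigalg
printf '    Signature Algorithm: sha256WithRSAEncryption\n' | classify_sigalg
```

Like the one-line command, check_host only looks at the certificate the server presents for itself, not at the intermediate certificates in the chain.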
But why should I stop using SHA-1?
Today, more and more people consider SHA-1 to be insecure. Since 2005, folks have published attacks on SHA-1. The SHAttered attack is the most recent one.