Secure Hashing Algorithms SHA-1 and SHA-2
First implemented by the National Security Agency (NSA) in 1993, the Secure Hashing Algorithm (SHA) is used by certification authorities such as Verisign and Thawte to sign certificates and Certificate Revocation Lists. SHA is used to generate unique hash values from files.
This is the SHA-1 hash fingerprint from the bbc.co.uk website:
root@raspberrypi:/# echo | openssl s_client -connect bbc.co.uk:443 2>/dev/null | openssl x509 -fingerprint -noout
SHA1 Fingerprint=EA:D2:F2:79:18:A0:CD:2B:10:3B:12:01:CF:B1:9E:CC:AF:0F:28:0C
SHA versions:
- SHA0 Obsoleted
- SHA1 Currently the most widely implemented
- SHA2 Stronger than SHA-1 due to longer hash (SHA224, SHA256, SHA384 and SHA512)
As part of their SHA-2 migration plan, Microsoft, Google, and Mozilla have announced that they will stop trusting SHA-1 certificates. Google began phasing out trust in SHA-1 certificates in November 2014. Read more…