I know the difference between sha1 and sha 2 algorithm but when we create a certificate specifying the sha1 vs sha2 makes what difference to the ssl certificate?
Let me know if you need more information.
Thanks, Naga
Asked
Active
Viewed 443 times
1 Answers
0
The difference between those certificates is the strength of the hash function used for the digital signature created by the issuer of the certificate. SHA-1 is considered too weak since hash collision attacks are possible. Such a collision would allow the creation of a new certificate by the attacker which uses an existing signature and is thus considered trusted. The SHA-2 family of hash functions is considered strong enough and thus used today, mostly with SHA-256.
Steffen Ullrich
- 114,247
- 10
- 131
- 172