I notice there's no mention of what should be used instead. I'm sure that it's o... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

lilyball on Sept 5, 2014 | parent | context | favorite | on: Gradually sunsetting SHA-1

I notice there's no mention of what should be used instead. I'm sure that it's obvious to a lot of people, but not to me. Are we supposed to use SHA-2? SHA-3? Or something else?

Also, does Google believe that we should stop using SHA-1 for other things too, or is this only an issue with really high-profile, high-reward targets like certificates?

robertduncan on Sept 5, 2014 [–]

SHA-2 for new certificates.

SHA-1 has been deprecated for a while but is still in (very) widespread use, see: http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-13... http://news.netcraft.com/archives/2014/02/04/nist-continues-...

Consider applying for YC's Spring batch! Applications are open till Feb 11.
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact