SHA1 is Dead – Why should you care?

Posted by Yasir Khan - Head of Product Development on 03-Mar-2017 12:53:08

SHA1 is officially dead. For everyday users of electronic signatures, SHA1 might not mean much to you but we can assure you, this development is incredibly important!

SHA1 is a hash algorithm - a type of security measure used in popular software across the world. This includes the majority of electronically signed documents.



SHA1-Dead-Cover-2.png

For over ten years, researchers have been warning about the vulnerability of the SHA1 algorithm. This warning became a reality in February 2017 when researchers demonstrated a real-world attack using two PDF files that despite displaying different content, had the same SHA1 hash.

This means collisions are now possible. In business terms, this translates to SHA1 not being suitable for electronic signatures, file integrity mechanisms and file identification.

Ars Technica has the details. Here at Ascertia, we’ve been aware of SHA1’s weakness for some time and all our products, SigningHub included, have been using SHA256 as the default algorithm for many years.

In our latest eBook, we explain the different elements that produce an electronic signature on a PDF document (PAdES– PDF Advanced Electronic Signatures) and multiple location where hash algorithms are involved. Ensure your e-signed documents don’t use SHA1 in any of these places.

Download eBook

 

Topics: sha1 algorithm, sha1 security, SHA1, sha algorithm, SHA1 is dead, sha security

Recent Posts

Posts by Topic

see all

Download this essential eBook

Choosing the right type of e-signature
for your business

Download your eBook