SHA1 vs SHA2 vs SHA256 – The Secure Hash Algorithm explained
One of the most common topics that we field questions on is the Secure Hash Algorithm, sometimes known as SHA1, SHA2, SHA256. Obviously, the different numbers at the end mean something, but there are also misperceptions about what they’re used for, what hashing is and how it all plays into PKI and TLS.
Let’s start with some basic concepts about hashing and how it interacts with other functions of TLS.
What is a hashing algorithm?
Hashing is an algorithmic function that maps data of any size to a fixed length output. Sometimes people call this one-way encryption but that’s not completely accurate. When you hash something, it creates a hash value, which is the fixed length output we just mentioned. No two different pieces of data can ever produce the same hash value. In fact, even the tiniest tweak to a piece of data will result in different hash values.
This is by design. And it helps to ensure the integrity of a file or a piece of data. So, what happens if two different pieces of data DO create the same hash value? That is called a collision. And when one occurs, it means the hashing algorithm is now worthless.
How do hashing algorithms fit into SSL/TLS and PKI?
Whereas RSA (Rivest, Shamir, Adleman) is an acronym paying homage to its creators, SHA is an acronym for its function: Secure Hash Algorithm. When an SSL certificate is presented, the client (browser) needs to authenticate it, and it does this by checking to see that the certificate has been signed by a trusted certificate authority.
To do this, it must check that the signature is valid. The easiest way to do that is with a Secure Hash Algorithm (there’s a reason I say “a” instead of “the,” and we’ll get to it in a moment). When the certificate is signed, the signature is hashed and that information is included in the certificate details. So, when the certificate is presented to the client, the client runs the same hash function on the signature and checks to ensure that it produces the same value. Remember, even the tiniest tweak to the signature will alter the hash value, so as long as the values match, you can be assured the signature is authentic.
What is the difference between SHA1, SHA2, and SHA256?
As we discussed, SHA is an acronym for Secure Hash Algorithm, so while SHA2 is the successor to SHA1, it’s a completely different algorithm, or rather set of algorithms, not a variation on the original.
SHA1 was developed by the US government and is closer in nature to MD5. It creates message digests, 160-bit (20-byte) hash values that are represented by 40-digit long hexadecimal strings. SHA2 was also developed by the US government, specifically the NSA, and is actually a family of algorithms, six different hash functions that produce digest/hash values of varying lengths: 224, 256, 384 or 512.
The most popular is 256, but nomenclature referring to the SHA2 family can be confusing:
“The variety of SHA-2 hashes can lead to a bit of confusion, as websites and authors express them differently. If you see “SHA-2,” “SHA-256” or “SHA-256 bit,” those names are referring to the same thing. If you see “SHA-224,” “SHA-384,” or “SHA-512,” those are referring to the alternate bit-lengths of SHA-2. You may also see some sites being more explicit and writing out both the algorithm and bit-length, such as “SHA-2 384.””
What is Full SHA2?
This is something you’ll see with SSL/TLS certificate generation. It refers to the hashing algorithms that are used on the roots and intermediates in the certificate chain. Briefly, every operating system has a group of Root CA certificates that are kept in its trust store. In order for an SSL certificate to be trusted, the system must be able to chain it back to one of those roots using the digital signatures we described earlier.
All end-user SSL/TLS certificates must use SHA2, but owing to their ubiquity and age, intermediates may still use SHA1 in some cases. This isn’t considered a major security risk because their corresponding private keys are adequately secured, but in the event you would like to have SHA2 intermediates and roots, or a Full SHA2 Chain, that is an option with some CAs.