SHA-1

A cryptographic hash function which takes an input and produces a 160-bit (20-byte) hash value known as a message digest — typically rendered as a hexadecimal number, 40 digits long.

SHA-256

A cryptographic hash function (sometimes called a ‘digest’) that acts as a kind of ‘signature’ for a text or a data file: it generates an almost-unique 256-bit (32-byte) value for its input.

Which one to use?

The Cryptology Group at Centrum Wiskunde & Informatica (CWI) — the national research institute for mathematics and computer science in the Netherlands — and the Google Research Security, Privacy and Anti-abuse Group have proved that SHA-1 is broken.

They proved that it is practically possible to craft two colliding PDF files and obtain a SHA-1 digital signature on the first PDF file which can also be abused as a valid signature on the second PDF file.

Today, many applications still rely on SHA-1, even though theoretical attacks have been known since 2005, and SHA-1 was officially deprecated by NIST (National Institute of Standards and Technology) in 2011. We hope our practical attack on SHA-1 will increase awareness and convince the industry to quickly move to safer alternatives, such as SHA-256.

You can use our file tester above to check your files. If you use Chrome, you will be automatically protected from insecure TLS/SSL certificates, and Firefox has quickly reacted to this announcement, and deprecated SHA-1 as of February 24th, 2017.

Starting from version 56, released in January 2017, Chrome will consider any website protected with a SHA-1 certificate as insecure. Firefox has deprecated SHA-1 as of February 24th, 2017.
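To act on the advice to move from SHA-1 to SHA-256, the following added example (not code from the original post or from the researchers it cites) audits a checksum manifest: it infers the algorithm from the digest length described above (40 hex digits for SHA-1, 64 for SHA-256), verifies each file, and flags entries that match but still rely on SHA-1. The manifest layout, the file names and the function names are assumptions made for illustration.

```python
import hashlib
import hmac

# Algorithm inferred from hex length: SHA-1 is 160 bits (40 hex digits),
# SHA-256 is 256 bits (64 hex digits).
ALGO_BY_HEX_LEN = {40: "sha1", 64: "sha256"}
DEPRECATED = {"sha1"}


def digest_hex(data: bytes, algo: str) -> str:
    return hashlib.new(algo, data).hexdigest()


def audit_manifest(manifest: str, files: dict) -> list:
    """Check each '<hexdigest>  <name>' line; return (name, algo, verdict)."""
    results = []
    for line in manifest.strip().splitlines():
        expected, name = line.split(maxsplit=1)
        algo = ALGO_BY_HEX_LEN.get(len(expected))
        if algo is None or name not in files:
            results.append((name, algo, "unverifiable"))
            continue
        actual = digest_hex(files[name], algo)
        # Constant-time comparison of the computed and expected digests.
        if not hmac.compare_digest(actual, expected.lower()):
            verdict = "mismatch"
        elif algo in DEPRECATED:
            verdict = "match-but-weak"  # correct today, but migrate to SHA-256
        else:
            verdict = "ok"
        results.append((name, algo, verdict))
    return results


# Constructed sample data (hypothetical files, embedded so this runs offline).
SAMPLE_FILES = {
    "report.txt": b"quarterly report\n",
    "invoice.txt": b"invoice #1\n",
    "notes.txt": b"notes\n",
}
SAMPLE_MANIFEST = "\n".join([
    digest_hex(SAMPLE_FILES["report.txt"], "sha256") + "  report.txt",
    digest_hex(SAMPLE_FILES["invoice.txt"], "sha1") + "  invoice.txt",
    digest_hex(b"tampered\n", "sha256") + "  notes.txt",
])

if __name__ == "__main__":
    for row in audit_manifest(SAMPLE_MANIFEST, SAMPLE_FILES):
        print(row)
```

A "match-but-weak" verdict means the file agrees with its recorded SHA-1 digest, but that digest should be regenerated with SHA-256 from a trusted copy of the file.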
