We are happy to announce that there is a new regulation regarding the AS2 messages security in Germany. The government has officially ruled that they will support a more secure standard for online communications, starting from the 1st of January, and will be setting aside the SHA-1 encryption.
SHA stands for Secure Hash Algorithm and is used to determine the integrity and verification of data. This algorithm is often used by SSL certificate authorities and produces a 160-bit hash value for browser security. To give you an idea: the most common use of this certificate is when you log into a website and enter your password.
However, web browsers like Google Chrome and Firefox have been stating for years now that this SHA-1 encryption is vulnerable to attacks. Only last year, Google has set up a simulated collision to indicate how SHA-1 can be hacked over time, proving this protocol is no longer safe.
Most web browsers are already phasing out SHA-1, marking these HTTPS certificates as ‘unsafe’. Instead, they are recommending a more secure alternative to sign SSL certificates: SHA-256. This algorithm uses – you guessed it – a 256-bit hash, which is far more complicated to even try to attack.
At Egssis we have already been implementing SHA-256/512 as preferred encryption method with all capable partners, so we are happy that this improved standard finally gets German regulatory support. Hopefully other countries will follow soon.