SHA512 and 4096 compatibility?

We are going to be replacing our internal Server 2008 CA with a 2 tier 2012 R2 setup with one offline server and one online CA server.

I noticed all the installation guides I saw that were written before the SHA1 debacle last year were suggesting to use the weakest possible SHA1 certificate signing because it was believed SHA256 was overkill.

Every few months for the last several months some new revelation comes out that nobody noticed before (SSL 3.0 determined to be too weak, SHA1 determined to be too weak, everyone "forgot" that export-grade ultra-weak encryption was still enabled even though there is no reason it should ever be used.  And on and on).  What's going to be next?

So, now SHA256 is the "minimum"  that should be used.  Why keep choosing minimums? Why not just go to SHA 512 now when building a new CA and not have to worry about having to scramble to quickly update and redploy overly weak certificates again in a few years or maybe less?

Is there a loss of compatability with SHA512 signed certificates?  Does SHA512 work with Windows 7, IE10, EAS 2010 and Lync 2010 ext?





  • Edited by MyGposts 5 hours 44 minutes ago
March 22nd, 2015 9:10pm

> Why not just go to SHA 512 now when building a new CA and not have to worry about having to scramble to quickly update and redploy overly weak certificates again in a few years or maybe less?

SHA512 is not supported by all applications. One example: https://support.microsoft.com/en-us/kb/2973337. And you may not expect that all clients will have this update installed. I wouldn't recommend to use signature algorithms stronger than SHA384.

> So, now SHA256 is the "minimum"  that should be used

it is "standard" signature algorithm.

Free Windows Admin Tool Kit Click here and download it now
March 23rd, 2015 2:10am

I saw that link, but I also saw that it is resolved with the hotfix. We can deploy the hotfix if it wasn't already deployed as part of previous Windows Updates.

Is there a place to get a list of common software that is not already past or near EOL that doesn't support SHA512 so we can determine if any of them apply to us?  

Maybe SHA384 might work also, but I would like to avoid using minimum standards of SHA256 in a brand new PKI.  

This time last year many people were still deploying new PKIs with SHA1 (before Microsoft and Google made their announcements about deprecation) and now regret it.


March 23rd, 2015 2:23am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics