What are RSA Security's plans to support SHA-256 with KCA?
Originally Published: 2005-05-31
Article Number
Applies To
Microsoft Windows 2000 Server SP4
Secure Hash Algorithm (SHA-1)
Secure Hash Algorithm (SHA-256)
Secure Hash Algorithm (SHA-384)
Secure Hash Algorithm (SHA-512)
Microsoft Windows Vista
Issue
Now that Secure Hash Algorithm (SHA-1) is considered weak in some circles, what are RSA Security's plans to support SHA-256 or other, stronger, hash algorithms (reference NIST Brief Comments on Recent Cryptanalytic Attacks on Secure Hashing Functions and Continued Security Provided by SHA-1)?
In terms of the security issue, Keon Certificate Authority does not have a problem with SHA-1. See the note on the RSA Labs site at http://www.rsasecurity.com/rsalabs/node.asp?id=2836
Resolution
Cryptographic Support
Strong authentication is accomplished using the Secure Sockets Layer (SSL). SSL v3 is used for both Web authentication and LDAP authentication. Keon CA components and other PKI-related applications communicate with each other via mutually authenticated SSL sessions.
The Keon CA architecture supports key lengths up to 4096. Keon CA natively supports the following public key technologies:
CA Keys: RSA, DSA, ECDSA, GOST/GOSTR3411
End-Entity Keys: RSA, DSA, ECDSA, GOST/GOSTR3411
Message Digests: MD5, SHA-1, SHA-256, SHA-384, SHA-512
Many applications do not support the use of long hash algorithms, that is, SHA-256, SHA-384, and SHA-512.
Microsoft is working to support Suite B or SHA-2 algorithms in Windows Vista, but currently there are no public documents on this. According to the IE group, IE normally depends on the crypto and Schannel APIs, so the answer on SHA-256 availability in IE is the same as the one given by the Microsoft Security development team: it is being worked on for the next OS version, Windows Vista.