I’ve been giving an encryption talk over the last year, focusing on educating DBAs on the various features and capabilities available in SQL Server. One of the things I note in the talk is that SHA1 is not considered secure. You should avoid SHA or SHA1 if you are using SQL Server 2012. If you’re on an earlier version, you don’t have a choice.
Hopefully we’ll have more choices in the future. NIST has selected an SHA-3 algorithm as a new standard. This should provide more security, though it will be some time before we find out whether there are any problems or potential attacks against this algorithm.
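The T-SQL below is an added example, not code from the original post. It assumes the SHA and SHA1 mentioned above are the `HASHBYTES` algorithm names and that the replacements are `SHA2_256` and `SHA2_512`, which `HASHBYTES` accepts from SQL Server 2012 onward. It lists stored code that still hashes with SHA or SHA1, then compares digest sizes so that hash columns can be resized before switching.

```sql
-- Added example; the sample value is constructed for illustration.

-- 1. Audit: modules (procedures, functions, triggers, views) whose source
--    calls HASHBYTES with 'SHA' or 'SHA1' as a literal algorithm name.
--    Whitespace is stripped and the text upper-cased so that formatting and
--    case differences do not hide a match. Calls that pass the algorithm in
--    a variable, and encrypted modules (definition IS NULL), are not found
--    by this query and need manual review.
SELECT OBJECT_SCHEMA_NAME(m.object_id) AS schema_name,
       OBJECT_NAME(m.object_id)        AS object_name,
       o.type_desc
FROM sys.sql_modules AS m
JOIN sys.objects     AS o ON o.object_id = m.object_id
CROSS APPLY (
    SELECT REPLACE(REPLACE(REPLACE(REPLACE(UPPER(m.definition),
               ' ', ''), CHAR(9), ''), CHAR(13), ''), CHAR(10), '') AS code
) AS n
WHERE n.code LIKE '%HASHBYTES(''SHA'',%'
   OR n.code LIKE '%HASHBYTES(''SHA1'',%'
   OR n.code LIKE '%HASHBYTES(N''SHA'',%'
   OR n.code LIKE '%HASHBYTES(N''SHA1'',%'
ORDER BY schema_name, object_name;

-- 2. Migration check: digest length per algorithm for the same input.
--    A column sized for a SHA1 digest is too narrow for a SHA-2 digest,
--    so widen it before changing the algorithm in the modules found above.
DECLARE @v varbinary(8000) =
    CAST(N'constructed sample value' AS varbinary(8000));

SELECT t.algorithm,
       DATALENGTH(t.digest) AS digest_bytes
FROM (VALUES ('SHA1',     HASHBYTES('SHA1',     @v)),
             ('SHA2_256', HASHBYTES('SHA2_256', @v)),
             ('SHA2_512', HASHBYTES('SHA2_512', @v))
     ) AS t(algorithm, digest);
```

SHA-1 digests are 20 bytes, while SHA2_256 and SHA2_512 produce 32 and 64 bytes, so existing `varbinary(20)` or `binary(20)` hash columns must be widened and the stored values recomputed from the source data.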