Do any AirWatch components require the use of the SHA-1 algorithm?

Recently, the Google security team has announced the first SHA-1 collision demonstration.  They were able to create two PDFs, containing different content, that have the same SHA-1 checksum.  While the scale of the computation required in this demonstration is very large, AirWatch recommends ensuring that all certificates and 3rd party components in your internal network and infrastructure support strong hashing algorithms, including SHA-256 and up.

Currently, all AirWatch components and apps support the use of cipher suites with the SHA-256 algorithm and above.  However, you should ensure that all mobile devices enrolled and 3rd party apps/infrastructure used also support compatible cipher suites. 

For on-premise environments, there are some available tools and methods that can be used to identify and configure the cipher suites supported on any AirWatch servers, as outlined in the Troubleshooting: SSL Protocols and Cipher Suites article.  All SaaS environments are currently configured to use strong cipher suites when supported by the devices and components that are initiating connections to the servers.

Note: The SHA-1 algorithm is currently used as part of some key stretching algorithms such as PBKDF2. This algorithm is used by AirWatch components and is considered cryptographically secure.

Have more questions? Submit a request

0 Comments

Article is closed for comments.