Hash algorithm for certificates

When a provider issues a certificate, it generally signs not the entire certificate but a cryptographic checksum computed from it. The algorithm used for this has to guarantee with almost 100% certainty that no other certificate can be constructed with the same checksum. The procedure used to calculate the checksum is referred to as a hash algorithm, and the checksum is called the hash value.

The Appendix of the Signature Ordinance names two secure hash algorithms: RIPEMD-160 and SHA-1. Both algorithms yield a hash value with a length of 160 bits. MD5 is another popular hash algorithm, which generates hash values that are 128 bits in length. However, experts do not rate MD5's security level as highly as that of RIPEMD-160 and SHA-1. Under current legislation, the signature on a qualified certificate has to be based on a hash value generated by RIPEMD-160 or SHA-1.
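
The following added example (not part of the original page) illustrates the hash-then-sign idea described above for an X.509-style DER certificate: it extracts the to-be-signed part, which in X.509 is the first element of the outer SEQUENCE, and computes its SHA-1 and MD5 hash values. The helper names and the sample bytes are constructed for illustration; RIPEMD-160 is left out because its availability in Python's hashlib depends on the local OpenSSL build.

```python
import hashlib

def read_tlv(buf, pos):
    """Read one DER header at pos; return (tag, header_len, value_len)."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:                      # short form: length fits in one byte
        return tag, 2, first
    n = first & 0x7F                      # long form: next n bytes hold the length
    if n == 0 or n > 4:
        raise ValueError("unsupported DER length")
    return tag, 2 + n, int.from_bytes(buf[pos + 2:pos + 2 + n], "big")

def tbs_bytes(cert_der):
    """Return the encoded first element of the outer SEQUENCE (the signed part)."""
    tag, hdr, length = read_tlv(cert_der, 0)
    if tag != 0x30 or hdr + length != len(cert_der):
        raise ValueError("not a single DER SEQUENCE")
    tag2, hdr2, len2 = read_tlv(cert_der, hdr)
    end = hdr + hdr2 + len2
    if tag2 != 0x30 or end > len(cert_der):
        raise ValueError("malformed to-be-signed part")
    return cert_der[hdr:end]

def hash_values(cert_der):
    """Hash only the to-be-signed bytes with the algorithms available here."""
    tbs = tbs_bytes(cert_der)
    return {name: hashlib.new(name, tbs).digest() for name in ("sha1", "md5")}

def der(tag, content):
    """Encode one TLV; used only to build the constructed sample below."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(body)]) + body + content

# Constructed, certificate-shaped sample (not a real certificate).
SAMPLE_TBS = der(0x30, der(0x0C, b"CN=example.invalid") + der(0x0C, b"key placeholder" * 10))
SAMPLE_CERT = der(0x30, SAMPLE_TBS + der(0x30, b"") + der(0x03, b"\x00" + b"\xAA" * 16))

if __name__ == "__main__":
    for name, digest in hash_values(SAMPLE_CERT).items():
        print(f"{name}: {len(digest) * 8} bits  {digest.hex()}")
```

Changing a byte in the signature field leaves these hash values unchanged, while changing a byte in the to-be-signed part changes them.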