
I am a person with no knowledge of app/server security.

I've been using only SHA-1, as much of the documentation has told me to.

But I've always seen SHA-256 appear whenever I extract SHA-1 from Android Studio, and I've learned that I can actually put SHA-256 in google-services.

So my question is, what should I use, SHA-1 or SHA-256? Which one is better? Can I use both at once?

-- EDIT

Google-services.json with only SHA-256 without SHA-1 key doesn't seem to work with Firebase Authentication.

dontknowhy
  • hi, `sha-1` is a deprecated standard, but some APIs might still require it. If you're able to choose which algorithm to use, `sha-256` or `sha-512` are fine digests to use. https://stackoverflow.com/questions/11624372/best-practice-for-hashing-passwords-sha256-or-sha512 – IronMan Nov 26 '20 at 03:36
  • hi, thank you for the answer. Why don't you write it as an answer? And I can't see SHA-512. Is there a way to extract this? It seems that the space for SHA-512 is not visible in the Firebase console. – dontknowhy Nov 26 '20 at 03:40
  • hi, there might be some info on that here https://github.com/firebase/firebase-admin-node/issues/792 but in your situation, it could be that's not available... not sure – IronMan Nov 26 '20 at 03:46
  • hi, thanks, have a lucky day – dontknowhy Nov 26 '20 at 04:00

0 Answers